Code:
<AVZ_CollectSysInfo>
--------------------
Start time: 2008-07-24 13:13
Duration: 00:00:54
Finish time: 2008-07-24 13:14
<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
2008-07-24 13:13 1.1 Searching for user-mode API hooks
2008-07-24 13:13 Analysis: kernel32.dll, export table found in section .text
2008-07-24 13:13 Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
2008-07-24 13:13 Hook kernel32.dll:CreateProcessA (99) blocked
2008-07-24 13:13 Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
2008-07-24 13:13 Hook kernel32.dll:CreateProcessW (103) blocked
2008-07-24 13:13 Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AA66->61F041FC
2008-07-24 13:13 Hook kernel32.dll:FreeLibrary (241) blocked
2008-07-24 13:13 Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B357->61F040FB
2008-07-24 13:13 Hook kernel32.dll:GetModuleFileNameA (372) blocked
2008-07-24 13:13 Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B25D->61F041A0
2008-07-24 13:13 Hook kernel32.dll:GetModuleFileNameW (373) blocked
2008-07-24 13:13 Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC28->61F04648
2008-07-24 13:13 Hook kernel32.dll:GetProcAddress (408) blocked
2008-07-24 13:13 Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
2008-07-24 13:13 Hook kernel32.dll:LoadLibraryA (578) blocked
2008-07-24 13:13 >>> Function LoadLibraryA - preventing the AVZ process from being intercepted by address replacement
2008-07-24 13:13 Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
2008-07-24 13:13 Hook kernel32.dll:LoadLibraryExA (579) blocked
2008-07-24 13:13 >>> Function LoadLibraryExA - preventing the AVZ process from being intercepted by address replacement
2008-07-24 13:13 Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
2008-07-24 13:13 Hook kernel32.dll:LoadLibraryExW (580) blocked
2008-07-24 13:13 Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ACD3->61F03D0C
2008-07-24 13:13 Hook kernel32.dll:LoadLibraryW (581) blocked
2008-07-24 13:13 IAT modification detected: GetModuleFileNameW - 00B00010<>7C80B25D
2008-07-24 13:13 Analysis: ntdll.dll, export table found in section .text
2008-07-24 13:13 Analysis: user32.dll, export table found in section .text
2008-07-24 13:13 Analysis: advapi32.dll, export table found in section .text
2008-07-24 13:13 Analysis: ws2_32.dll, export table found in section .text
2008-07-24 13:13 Analysis: wininet.dll, export table found in section .text
2008-07-24 13:13 Analysis: rasapi32.dll, export table found in section .text
2008-07-24 13:13 Analysis: urlmon.dll, export table found in section .text
2008-07-24 13:13 Analysis: netapi32.dll, export table found in section .text
2008-07-24 13:13 1.2 Searching for kernel-mode API hooks
2008-07-24 13:13 Driver loaded successfully
2008-07-24 13:13 SDT found (RVA=0846E0)
2008-07-24 13:13 Kernel ntkrnlpa.exe found in memory at address 804D7000
2008-07-24 13:13 SDT = 8055B6E0
2008-07-24 13:13 KiST = 80503734 (284)
2008-07-24 13:13 Function NtAssignProcessToJobObject (13) intercepted (805D4DD0->B6AB6C20), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtClose (19) intercepted (805BAEB4->B6AA21E0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtConnectPort (1F) intercepted (805A2FF4->B6AB886C), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtCreateFile (25) intercepted (80577E5E->B6A9CCC0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtCreateKey (29) intercepted (80622048->B6AA8D10), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtCreateProcess (2F) intercepted (805CFA1C->B6AB2270), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtCreateProcessEx (30) intercepted (805CF966->B6AB2AD0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtCreateSection (32) intercepted (805A9DEE->B6A9BE60), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtCreateSymbolicLinkObject (34) intercepted (805C35E0->B6AA8AD0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtCreateThread (35) intercepted (805CF804->B6AB0EE0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtDeleteFile (3E) intercepted (80575A46->B6AA7960), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtDeleteKey (3F) intercepted (806224D8->B6AAA390), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtDeleteValueKey (41) intercepted (806226A8->B6AAF0A0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtEnumerateKey (47) intercepted (80622888->BA6C3FB2), hook C:\WINDOWS\system32\Drivers\sptd.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtEnumerateValueKey (49) intercepted (80622AF2->BA6C4340), hook C:\WINDOWS\system32\Drivers\sptd.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtMakeTemporaryObject (69) intercepted (805BAF58->B6AA8350), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtOpenFile (74) intercepted (80578F5C->B6AA0FE0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtOpenKey (77) intercepted (806233DE->B6AA9BB0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtOpenProcess (7A) intercepted (805C9C46->B6AB47D0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtOpenSection (7D) intercepted (805A8E12->B6A9C5F0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtOpenThread (80) intercepted (805C9ED2->B6AB3DF0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtProtectVirtualMemory (89) intercepted (805B6DA2->B6AB7DA0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtQueryDirectoryFile (91) intercepted (80578C3E->B6AA2DF0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtQueryKey (A0) intercepted (80623702->B6AAAE40), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtQueryValueKey (B1) intercepted (80620102->B6AAB5B0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtReplaceKey (C1) intercepted (80623C28->B6AAC900), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtRestoreKey (CC) intercepted (80620450->B6AAE900), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtSaveKey (CF) intercepted (806204F2->B6AADA10), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtSaveKeyEx (D0) intercepted (80620582->B6AAE180), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtSecureConnectPort (D2) intercepted (805A2788->B6AB91EC), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtSetContextThread (D5) intercepted (805CFF26->B6AB6400), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtSetInformationFile (E0) intercepted (80579DC4->B6AA3F90), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtSetValueKey (F7) intercepted (80620708->B6AABD50), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtTerminateProcess (101) intercepted (805D1170->B6AB51C0), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtTerminateThread (102) intercepted (805D136A->B6AB5B80), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Function NtWriteVirtualMemory (115) intercepted (805B2D5C->B6AB7390), hook C:\WINDOWS\system32\DRIVERS\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 >>> Hook code blocked
2008-07-24 13:13 Functions checked: 284, intercepted: 36, restored: 36
2008-07-24 13:13 1.3 Checking IDT and SYSENTER
2008-07-24 13:13 Analysis for CPU 1
2008-07-24 13:13 Analysis for CPU 2
2008-07-24 13:13 Checking IDT and SYSENTER - complete
2008-07-24 13:13 1.4 Searching for masking processes and drivers
2008-07-24 13:13 Checking not performed: extended monitoring driver (AVZPM) is not installed
2008-07-24 13:13 Driver loaded successfully
2008-07-24 13:13 1.5 Checking of IRP handlers
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_CREATE] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_CLOSE] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_WRITE] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_QUERY_EA] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_SET_EA] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\ntfs[IRP_MJ_PNP] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_CREATE] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_CLOSE] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_WRITE] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_QUERY_EA] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_SET_EA] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \FileSystem\FastFat[IRP_MJ_PNP] = 85EF21E8 -> hook not defined
2008-07-24 13:13 \driver\tcpip[IRP_MJ_CREATE] = B8FF8DA6 -> C:\WINDOWS\system32\DRIVERS\afw.sys
2008-07-24 13:13 \driver\tcpip[IRP_MJ_DEVICE_CONTROL] = B8FF90DE -> C:\WINDOWS\system32\DRIVERS\afw.sys
2008-07-24 13:13 \driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = B8FF8F60 -> C:\WINDOWS\system32\DRIVERS\afw.sys
2008-07-24 13:13 \driver\tcpip[IRP_MJ_CLEANUP] = B8FF8E94 -> C:\WINDOWS\system32\DRIVERS\afw.sys
2008-07-24 13:13 Checking - complete
2008-07-24 13:13 C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\prremote.dll --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\prremote.dll>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\FSSync.dll --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\FSSync.dll>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\params.ppl --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\params.ppl>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\bl.ppl --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\bl.ppl>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avp1.ppl --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avp1.ppl>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avzproxy.ppl --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avzproxy.ppl>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avzscan.ppl --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\avzscan.ppl>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\avzkrnl.dll --> Suspicion for Keylogger/Trojan DLL, being masked as system file
2008-07-24 13:13 C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\avzkrnl.dll>>> Behavioural analysis
2008-07-24 13:13 1. Reacts to events: keyboard, all events
2008-07-24 13:13 C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\avzkrnl.dll>>> Neural net: file with probability 0.00% like a typical keyboard/mouse events interceptor
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\basegui.ppl --> Suspicion for Keylogger or Trojan DLL
2008-07-24 13:13 c:\documents and settings\all users\pulpit\kaspersky lab tool\is-foj3r\basegui.ppl>>> Behavioural analysis
2008-07-24 13:13 Behaviour typical for keyloggers not detected
2008-07-24 13:13 Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
2008-07-24 13:14 >> Services: potentially dangerous service allowed: TermService (Terminal Services)
2008-07-24 13:14 >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
2008-07-24 13:14 >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
2008-07-24 13:14 >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
2008-07-24 13:14 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
2008-07-24 13:14 >> Security: disk drives' autorun is enabled
2008-07-24 13:14 >> Security: administrative shares (C$, D$ ...) are enabled
2008-07-24 13:14 >> Security: anonymous user access is enabled
2008-07-24 13:14 >> Security: sending Remote Assistant queries is enabled
2008-07-24 13:14 System Analysis in progress
2008-07-24 13:14 Delete file:C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\LOG\avptool_syscheck.htm
2008-07-24 13:14 >>>To delete the file C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\LOG\avptool_syscheck.htm reboot is required
2008-07-24 13:14 Delete file:C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\LOG\avptool_syscheck.xml
2008-07-24 13:14 >>>To delete the file C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-FOJ3R\LOG\avptool_syscheck.xml reboot is required
2008-07-24 13:14 Script executed without errors
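The log above reports three kinds of interception in three different line shapes: user-mode export/IAT hooks in kernel32.dll (all redirected into the 61F0xxxx range), 36 SSDT entries owned by two driver files, and four tcpip IRP dispatch entries owned by a third. Reading that by eye across 250 lines is error-prone, so here is a small parser that turns the report into "which module owns which hook". This is an added example, not code from AVZ, Kaspersky Lab or the original poster; the sample input is a verbatim excerpt of the log above, and the script makes no claim about which product each driver belongs to.

```python
"""Summarise hook findings from an AVZ CollectSysInfo log (added example)."""
import re
from collections import defaultdict
from typing import Dict, List

# Excerpt copied verbatim from the log posted above (not constructed), kept
# with its timestamps so the patterns are exercised on the real line shapes.
SAMPLE_LOG = """\
2008-07-24 13:13 Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
2008-07-24 13:13 Hook kernel32.dll:CreateProcessA (99) blocked
2008-07-24 13:13 Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
2008-07-24 13:13 IAT modification detected: GetModuleFileNameW - 00B00010<>7C80B25D
2008-07-24 13:13 Function NtClose (19) intercepted (805BAEB4->B6AA21E0), hook C:\\WINDOWS\\system32\\DRIVERS\\SandBox.sys
2008-07-24 13:13 >>> Function restored successfully !
2008-07-24 13:13 Function NtEnumerateKey (47) intercepted (80622888->BA6C3FB2), hook C:\\WINDOWS\\system32\\Drivers\\sptd.sys
2008-07-24 13:13 Function NtWriteVirtualMemory (115) intercepted (805B2D5C->B6AB7390), hook C:\\WINDOWS\\system32\\DRIVERS\\SandBox.sys
2008-07-24 13:13 \\FileSystem\\ntfs[IRP_MJ_CREATE] = 8A5C51E8 -> hook not defined
2008-07-24 13:13 \\driver\\tcpip[IRP_MJ_CREATE] = B8FF8DA6 -> C:\\WINDOWS\\system32\\DRIVERS\\afw.sys
2008-07-24 13:13 \\driver\\tcpip[IRP_MJ_DEVICE_CONTROL] = B8FF90DE -> C:\\WINDOWS\\system32\\DRIVERS\\afw.sys
"""

# User-mode line: "Function kernel32.dll:CreateProcessA (99) intercepted, method X ->orig->new"
# (the ordinal in brackets is decimal here).
USER_RE = re.compile(
    r"Function (?P<mod>[\w.]+):(?P<fn>\w+) \((?P<idx>\d+)\) intercepted, "
    r"method (?P<method>\S+) ->(?P<orig>[0-9A-Fa-f]+)->(?P<new>[0-9A-Fa-f]+)")
# SSDT line: "Function NtClose (19) intercepted (orig->new), hook <driver path>"
# (the service index in brackets is hexadecimal).
SSDT_RE = re.compile(
    r"Function (?P<fn>\w+) \((?P<idx>[0-9A-Fa-f]+)\) intercepted "
    r"\((?P<orig>[0-9A-Fa-f]+)->(?P<new>[0-9A-Fa-f]+)\), hook (?P<path>\S.*)$")
# IRP line: "\driver\tcpip[IRP_MJ_CREATE] = addr -> <driver path | hook not defined>"
IRP_RE = re.compile(
    r"(?P<dev>\\\S+?)\[(?P<irp>IRP_MJ_\w+)\] = (?P<addr>[0-9A-Fa-f]+) -> (?P<path>.+)$")
# IAT line: "IAT modification detected: GetModuleFileNameW - current<>expected"
IAT_RE = re.compile(
    r"IAT modification detected: (?P<fn>\w+) - (?P<cur>[0-9A-Fa-f]+)<>(?P<exp>[0-9A-Fa-f]+)")

PATTERNS = (("ssdt", SSDT_RE), ("user", USER_RE), ("iat", IAT_RE), ("irp", IRP_RE))


def parse_avz_log(text: str) -> Dict[str, List[dict]]:
    """Return every hook finding in the log, keyed by kind; each entry is a dict
    of the regex's named groups. IRP entries that AVZ reports as
    'hook not defined' are dropped because they are the normal, unhooked case."""
    report: Dict[str, List[dict]] = {"user": [], "ssdt": [], "irp": [], "iat": []}
    for line in text.splitlines():
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            entry = m.groupdict()
            if kind == "irp" and entry["path"].strip() == "hook not defined":
                break
            report[kind].append(entry)
            break
    return report


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (the log mixes DRIVERS/Drivers)."""
    return path.rstrip().rsplit("\\", 1)[-1].lower()


def hooks_by_module(report: Dict[str, List[dict]]) -> Dict[str, List[str]]:
    """Group kernel-side hooks (SSDT and IRP) by the driver file that owns them."""
    owners: Dict[str, List[str]] = defaultdict(list)
    for e in report["ssdt"]:
        owners[_basename(e["path"])].append(e["fn"])
    for e in report["irp"]:
        owners[_basename(e["path"])].append("%s[%s]" % (e["dev"], e["irp"]))
    return {k: sorted(v) for k, v in owners.items()}


def user_hook_targets(report: Dict[str, List[dict]]) -> Dict[str, List[str]]:
    """Group user-mode hooks by the 64 KiB region their replacement address
    falls in: many hooks landing in one region point at one injected module."""
    regions: Dict[str, List[str]] = defaultdict(list)
    for e in report["user"]:
        regions[e["new"].upper()[:4] + "xxxx"].append(e["fn"])
    return {k: sorted(v) for k, v in regions.items()}


def summary(report: Dict[str, List[dict]]) -> str:
    """Human-readable digest suitable for pasting back into a forum reply."""
    lines = ["SSDT hooks: %d, user-mode hooks: %d, IRP hooks: %d, IAT changes: %d"
             % tuple(len(report[k]) for k in ("ssdt", "user", "irp", "iat"))]
    for mod, fns in sorted(hooks_by_module(report).items()):
        lines.append("  %s owns %d kernel hook(s): %s" % (mod, len(fns), ", ".join(fns)))
    for region, fns in sorted(user_hook_targets(report).items()):
        lines.append("  user-mode hooks redirected into %s: %s" % (region, ", ".join(fns)))
    for e in report["iat"]:
        lines.append("  IAT entry %s points to %s instead of %s" % (e["fn"], e["cur"], e["exp"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary(parse_avz_log(SAMPLE_LOG)))
```

Run it on the full log rather than the excerpt (`parse_avz_log(open("avz_sysinfo.log").read())`) and the digest shows 34 SSDT entries owned by SandBox.sys, 2 by sptd.sys and 4 tcpip IRP entries owned by afw.sys; that grouping, not the raw count of 36, is what you want before deciding whether the hooks belong to installed security or virtual-drive software or to something unexpected, which is also why the AVZ note about not deleting suspicious files applies here.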