View full version : System Security at Risk
  
Dmitry_N
09.02.2008, 16:17
Hi,
I finally decided to test KIS 8.
Security analyzer says security is at risk :)
The only report I've managed to find was located in "C:\ProgramData\Kaspersky Lab\AVP8\Data\AVZ\" and is attached hereto.
Thanks.
Dmitry_N
09.02.2008, 16:37
Ah, I get it now. Your tool took Punto Switcher for a nasty one :)
Punto Switcher is based on typical keyboard/mouse events, so it is normal for this "danger" sign in the log.
But it could be infected too ;)
Execute the following script in AVPtool
(how: http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm)
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\Windows\system32\DRIVERS\nwlnkflt.sys','');
 QuarantineFile('C:\Windows\system32\DRIVERS\ipinip.sys','');
 QuarantineFile('C:\Windows\system32\drivers\blbdrive.sys','');
 QuarantineFile('C:\Windows\system32\DRIVERS\TVICHW32.SYS','');
 QuarantineFile('F:\Temp\rrmon.sys','');
 QuarantineFile('C:\Windows\System32\Drivers\mondrv.sys','');
 QuarantineFile('D:\Programs\Spb Wallet\SpbWalletToolbar.dll','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.
Upload the quarantine (it should be in the avz sub-folder; remember to zip it with the password "virus").
Send it to us using this page: http://virusinfo.info/upload_virus_eng.php?tid=17796.
Dmitry_N
09.02.2008, 18:05
Wait.
I DO know what SpbWallet, rrmon are.
TVICHW32.SYS is from EnTech Taiwan. I always had it after installing all essential software. Must come with RivaTuner?
Instead of moving these to quarantine, can I just send them all to you?
Added 4 minutes later
NwlnkFwdIPX Traffic Forwarder Driver		File not found: system32\DRIVERS\nwlnkfwd.sys
This one is absent. It's installed together with Vista but is unavailable. I thought it was "normal" for Microsoft :)
Added 58 seconds later
Same applies for this one:
IpInIpIP in IP Tunnel Driver		File not found: system32\DRIVERS\ipinip.sys
"quarantine" in the AVZ script language is copy only ;)
Nothing will be removed or deleted.
Dmitry_N
09.02.2008, 18:20
blbdrive is Microsoft's.
Added 10 minutes later
OK, here is the report. For some reason, NOT all the files have been included... Why?
Dmitry_N
09.02.2008, 18:23
See attachment.
I will not :) I did tell you how to send us the requested files. Read my post number 3 again.
Dmitry_N
09.02.2008, 23:05
Uploaded again.
F:\Temp\rrmon.sys wasn't in the archive. Is F: your USB flash drive?
About the files that you did send us, I think they are clean. You can wait for an answer from the virlab. I'll let you know about their answer.
Dmitry_N
09.02.2008, 23:59
As I said earlier: "OK, here is the report. For some reason, NOT all the files have been included... Why?"
"F:" is a partition on my hard drive. I have F:\Temp set as the system Temp folder.
By the way, please make sure the devs fix this lame one: http://forum.kaspersky.com/index.php?showtopic=60132&view=findpost&p=548885
Added 5 minutes later
With regard to rrmon.sys: http://forum.oszone.net/printthread-98494.html :)
It's the driver installed by Registrar Registry Manager (former Resplendent Registrar).
I think, maybe because of different system rights/permissions. Did you do something special to disk F? Maybe some encryption?
I will ask the creator of AVZ/AVPTool to take a look at this post.
I did receive an answer from one of the KIS developers.
He is aware of this bug ("Security analyzer says security is at risk" even when the system hasn't any security risk at all); thank you for your concern. The whole Security analyzer sub-system will be rebuilt in the future. Still, you must understand, it is a pre-beta ;)
P.S. About the files that you did send us, they are clean according to the virus lab too ;)