my report ...

  1. #1
    Junior Member
    Registered: 21.04.2009
    Posts: 1
    Reputation weight: 33

    my report ...

    I have a fucking virus, .exe.exe ... this is my report ...
    Code:
    <AVZ_CollectSysInfo>
    --------------------
    Start time: 4/20/2009 11:45:43 PM
    Duration: 00:02:34
    Finish time: 4/20/2009 11:48:17 PM
    
    <AVZ_CollectSysInfo>
    --------------------
    Time Event
    ---- -----
    4/20/2009 11:45:44 PM Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3, v.5657"
    4/20/2009 11:45:45 PM System Restore: Disabled
    4/20/2009 11:45:46 PM 1.1 Searching for user-mode API hooks
    4/20/2009 11:45:46 PM  Analysis: kernel32.dll, export table found in section .text
    4/20/2009 11:45:46 PM Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C80236B->61F03F42
    4/20/2009 11:45:46 PM Hook kernel32.dll:CreateProcessA (99) blocked
    4/20/2009 11:45:46 PM Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802336->61F04040
    4/20/2009 11:45:46 PM Hook kernel32.dll:CreateProcessW (103) blocked
    4/20/2009 11:45:46 PM Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC6E->61F041FC
    4/20/2009 11:45:46 PM Hook kernel32.dll:FreeLibrary (241) blocked
    4/20/2009 11:45:46 PM Function kernel32.dll:GetModuleFileNameA (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B55F->61F040FB
    4/20/2009 11:45:46 PM Hook kernel32.dll:GetModuleFileNameA (373) blocked
    4/20/2009 11:45:46 PM Function kernel32.dll:GetModuleFileNameW (374) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B465->61F041A0
    4/20/2009 11:45:46 PM Hook kernel32.dll:GetModuleFileNameW (374) blocked
    4/20/2009 11:45:46 PM Function kernel32.dll:GetProcAddress (409) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE30->61F04648
    4/20/2009 11:45:46 PM Hook kernel32.dll:GetProcAddress (409) blocked
    4/20/2009 11:45:46 PM Function kernel32.dll:LoadLibraryA (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D7B->61F03C6F
    4/20/2009 11:45:46 PM Hook kernel32.dll:LoadLibraryA (581) blocked
    4/20/2009 11:45:46 PM  >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement  !!)
    4/20/2009 11:45:46 PM Function kernel32.dll:LoadLibraryExA (582) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D53->61F03DAF
    4/20/2009 11:45:46 PM Hook kernel32.dll:LoadLibraryExA (582) blocked
    4/20/2009 11:45:46 PM  >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
    4/20/2009 11:45:46 PM Function kernel32.dll:LoadLibraryExW (583) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF5->61F03E5A
    4/20/2009 11:45:46 PM Hook kernel32.dll:LoadLibraryExW (583) blocked
    4/20/2009 11:45:46 PM Function kernel32.dll:LoadLibraryW (584) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AEDB->61F03D0C
    4/20/2009 11:45:46 PM Hook kernel32.dll:LoadLibraryW (584) blocked
    4/20/2009 11:45:46 PM IAT modification detected: LoadLibraryW - 00C60010<>7C80AEDB
    4/20/2009 11:45:46 PM  Analysis: ntdll.dll, export table found in section .text
    4/20/2009 11:45:46 PM  Analysis: user32.dll, export table found in section .text
    4/20/2009 11:45:46 PM  Analysis: advapi32.dll, export table found in section .text
    4/20/2009 11:45:46 PM  Analysis: ws2_32.dll, export table found in section .text
    4/20/2009 11:45:46 PM  Analysis: wininet.dll, export table found in section .text
    4/20/2009 11:45:46 PM  Analysis: rasapi32.dll, export table found in section .text
    4/20/2009 11:45:46 PM  Analysis: urlmon.dll, export table found in section .text
    4/20/2009 11:45:46 PM  Analysis: netapi32.dll, export table found in section .text
    4/20/2009 11:45:48 PM 1.2 Searching for kernel-mode API hooks
    4/20/2009 11:45:48 PM  Driver loaded successfully
    4/20/2009 11:45:48 PM  SDT found (RVA=083220)
    4/20/2009 11:45:48 PM  Kernel ntoskrnl.exe found in memory at address 804D7000
    4/20/2009 11:45:48 PM    SDT = 8055A220
    4/20/2009 11:45:48 PM    KiST = 804E26A8 (284)
    4/20/2009 11:45:48 PM Function NtAdjustPrivilegesToken (0B) intercepted (8058D0AD->F6C1F1DA), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:48 PM >>> Function restored successfully !
    4/20/2009 11:45:48 PM >>> Hook code blocked
    4/20/2009 11:45:48 PM Function NtClose (19) intercepted (805678DD->F6C1F7AE), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:48 PM >>> Function restored successfully !
    4/20/2009 11:45:48 PM >>> Hook code blocked
    4/20/2009 11:45:48 PM Function NtConnectPort (1F) intercepted (805879F7->F6C211EA), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:48 PM >>> Function restored successfully !
    4/20/2009 11:45:48 PM >>> Hook code blocked
    4/20/2009 11:45:48 PM Function NtCreateFile (25) intercepted (8056CDC0->F6C20B9C), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:48 PM >>> Function restored successfully !
    4/20/2009 11:45:48 PM >>> Hook code blocked
    4/20/2009 11:45:48 PM Function NtCreateKey (29) intercepted (8057065D->F6C1E950), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:48 PM >>> Function restored successfully !
    4/20/2009 11:45:48 PM >>> Hook code blocked
    4/20/2009 11:45:48 PM Function NtCreateSymbolicLinkObject (34) intercepted (8059F519->F6C22B7C), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:48 PM >>> Function restored successfully !
    4/20/2009 11:45:48 PM >>> Hook code blocked
    4/20/2009 11:45:48 PM Function NtCreateThread (35) intercepted (8058E64B->F6C1F5AE), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:48 PM >>> Function restored successfully !
    4/20/2009 11:45:48 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtDeleteKey (3F) intercepted (805952CA->F6C1ED92), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtDeleteValueKey (41) intercepted (80592D5C->F6C1EF92), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtDeviceIoControlFile (42) intercepted (8058EFB9->F6C20EAC), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtDuplicateObject (44) intercepted (805715E0->F6C23084), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtEnumerateKey (47) intercepted (80570D64->F6C1F0A8), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtEnumerateValueKey (49) intercepted (80590677->F6C1F110), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtFsControlFile (54) intercepted (8057AAB5->F6C20D5E), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtLoadDriver (61) intercepted (805A3B01->F6C22620), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtOpenFile (74) intercepted (8056CD5B->F6C209F8), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtOpenKey (77) intercepted (80568D59->F6C1EAB2), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtOpenProcess (7A) intercepted (805717C7->F6C1F3B2), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtOpenSection (7D) intercepted (80570FD7->F6C22BA6), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtOpenThread (80) intercepted (8058A1C9->F6C1F2FE), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtQueryKey (A0) intercepted (80570A6D->F6C1F178), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtQueryMultipleValueKey (A1) intercepted (8064E338->F6C1EE7C), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtQueryValueKey (B1) intercepted (8056A1F2->F6C1EC5A), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtQueueApcThread (B4) intercepted (80591097->F6C22888), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtReplaceKey (C1) intercepted (8064F112->F6C1E5D2), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtRequestWaitReplyPort (C8) intercepted (80576CE6->F6C21A74), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtRestoreKey (CC) intercepted (8064ECA9->F6C1E734), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtResumeThread (CE) intercepted (8058ECBE->F6C22F56), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtSaveKey (CF) intercepted (8064EDAA->F6C1E3D0), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtSecureConnectPort (D2) intercepted (8058F4EA->F6C2108C), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtSetContextThread (D5) intercepted (8062DCF7->F6C1F6AC), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtSetSecurityObject (ED) intercepted (8059B1AB->F6C2271A), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:49 PM >>> Hook code blocked
    4/20/2009 11:45:49 PM Function NtSetSystemInformation (F0) intercepted (805A7BED->F6C22BD0), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:49 PM >>> Function restored successfully !
    4/20/2009 11:45:50 PM >>> Hook code blocked
    4/20/2009 11:45:50 PM Function NtSetValueKey (F7) intercepted (80572889->F6C1EB08), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:50 PM >>> Function restored successfully !
    4/20/2009 11:45:50 PM >>> Hook code blocked
    4/20/2009 11:45:50 PM Function NtSuspendProcess (FD) intercepted (8062F8D9->F6C22CB4), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:50 PM >>> Function restored successfully !
    4/20/2009 11:45:50 PM >>> Hook code blocked
    4/20/2009 11:45:50 PM Function NtSuspendThread (FE) intercepted (805E046E->F6C22DE0), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:50 PM >>> Function restored successfully !
    4/20/2009 11:45:50 PM >>> Hook code blocked
    4/20/2009 11:45:50 PM Function NtSystemDebugControl (FF) intercepted (80649CFB->F6C2254C), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:50 PM >>> Function restored successfully !
    4/20/2009 11:45:50 PM >>> Hook code blocked
    4/20/2009 11:45:50 PM Function NtTerminateProcess (101) intercepted (805822EC->F6C1F47E), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:50 PM >>> Function restored successfully !
    4/20/2009 11:45:50 PM >>> Hook code blocked
    4/20/2009 11:45:50 PM Function NtWriteVirtualMemory (115) intercepted (8057E42A->F6C1F4F0), hook C:\WINDOWS\system32\DRIVERS\klif.sys
    4/20/2009 11:45:50 PM >>> Function restored successfully !
    4/20/2009 11:45:50 PM >>> Hook code blocked
    4/20/2009 11:45:50 PM Function FsRtlCheckLockForReadAccess (80512919) - machine code modification Method of JmpTo. jmp F6C36626 \SystemRoot\system32\DRIVERS\klif.sys
    4/20/2009 11:45:50 PM >>> Function restored successfully !
    4/20/2009 11:45:50 PM Function IoIsOperationSynchronous (804E875A) - machine code modification Method of JmpTo. jmp F6C369E0 \SystemRoot\system32\DRIVERS\klif.sys
    4/20/2009 11:45:50 PM >>> Function restored successfully !
    4/20/2009 11:45:52 PM Functions checked: 284, intercepted: 39, restored: 41
    4/20/2009 11:45:52 PM 1.3 Checking IDT and SYSENTER
    4/20/2009 11:45:52 PM  Analysis for CPU 1
    4/20/2009 11:45:52 PM  Checking IDT and SYSENTER - complete
    4/20/2009 11:45:53 PM 1.4 Searching for masking processes and drivers
    4/20/2009 11:45:53 PM  Checking not performed: extended monitoring driver (AVZPM) is not installed
    4/20/2009 11:45:53 PM  Driver loaded successfully
    4/20/2009 11:45:53 PM 1.5 Checking of IRP handlers
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_CREATE] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_CLOSE] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_WRITE] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_QUERY_EA] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_SET_EA] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\ntfs[IRP_MJ_PNP] = 833DC1F8 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_CREATE] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_CLOSE] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_WRITE] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_QUERY_EA] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_SET_EA] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM \FileSystem\FastFat[IRP_MJ_PNP] = 830B3500 -> hook not defined
    4/20/2009 11:45:53 PM  Checking - complete
    4/20/2009 11:45:54 PM C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll --> Suspicion for Keylogger or Trojan DLL
    4/20/2009 11:45:54 PM C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll>>> Behavioral analysis 
    4/20/2009 11:45:54 PM  Behaviour typical for keyloggers not detected
    4/20/2009 11:45:54 PM C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll --> Suspicion for Keylogger or Trojan DLL
    4/20/2009 11:45:54 PM C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll>>> Behavioral analysis 
    4/20/2009 11:45:54 PM  Behaviour typical for keyloggers not detected
    4/20/2009 11:45:54 PM C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll --> Suspicion for Keylogger or Trojan DLL
    4/20/2009 11:45:54 PM C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll>>> Behavioral analysis 
    4/20/2009 11:45:54 PM  Behaviour typical for keyloggers not detected
    4/20/2009 11:45:54 PM Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
    4/20/2009 11:46:17 PM Latent loading of libraries through AppInit_DLLs suspected: "C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"
    4/20/2009 11:46:19 PM >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
    4/20/2009 11:46:19 PM >> Services: potentially dangerous service allowed: TermService (Terminal Services)
    4/20/2009 11:46:19 PM >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
    4/20/2009 11:46:19 PM >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
    4/20/2009 11:46:19 PM >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
    4/20/2009 11:46:19 PM >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
    4/20/2009 11:46:19 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    4/20/2009 11:46:19 PM >> Security: disk drives' autorun is enabled
    4/20/2009 11:46:19 PM >> Security: administrative shares (C$, D$ ...) are enabled
    4/20/2009 11:46:20 PM >> Security: anonymous user access is enabled
    4/20/2009 11:46:20 PM >> Security: sending Remote Assistant queries is enabled
    4/20/2009 11:46:28 PM  >>  Disable CD/DVD autorun
    4/20/2009 11:46:29 PM  >>  Windows Update is disabled
    4/20/2009 11:46:29 PM System Analysis in progress
    4/20/2009 11:48:17 PM System Analysis - complete
    4/20/2009 11:48:17 PM Delete file:C:\Documents and Settings\EGYPT-RAGAB\Desktop\Virus Removal Tool\is-HLCRH\LOG\avptool_syscheck.htm
    4/20/2009 11:48:17 PM Delete file:C:\Documents and Settings\EGYPT-RAGAB\Desktop\Virus Removal Tool\is-HLCRH\LOG\avptool_syscheck.xml
    4/20/2009 11:48:17 PM Deleting service/driver: utezotc0
    4/20/2009 11:48:17 PM Delete file:C:\WINDOWS\system32\Drivers\utezotc0.sys
    4/20/2009 11:48:17 PM Deleting service/driver: ujezotc0
    4/20/2009 11:48:17 PM Script executed without errors

  2. #2
    AndreyKa, Senior Member
    Registered: 08.01.2005
    Location: Russia
    Posts: 13,625
    Reputation weight: 1291
    Last edited by AndreyKa; 21.04.2009 at 20:59.
