Показано с 1 по 2 из 2.

Pomogite! (заявка № 64317)

  1. #1
    Junior Member Репутация
    Регистрация
    19.12.2009
    Сообщений
    1
    Вес репутации
    30

    Exclamation Pomogite!

    Код:
    AVZ Antiviral Toolkit log; AVZ version is 4.32
    Scanning started at 12/19/2009 1:47:23 PM
    Database loaded: signatures - 254585, NN profile(s) - 2, malware removal microprograms - 56, signature database released 18.12.2009 22:52
    Heuristic microprograms loaded: 374
    PVS microprograms loaded: 9
    Digital signatures of system files loaded: 161328
    Heuristic analyzer mode: Medium heuristics mode
    Malware removal mode: disabled
    Windows version is: 5.1.2600,  ; AVZ is run with administrator rights
    System Restore: enabled
    1. Searching for Rootkits and other software intercepting API functions
    1.1 Searching for user-mode API hooks
     Analysis: kernel32.dll, export table found in section .text
     Analysis: ntdll.dll, export table found in section .text
     Analysis: user32.dll, export table found in section .text
     Analysis: advapi32.dll, export table found in section .text
     Analysis: ws2_32.dll, export table found in section .text
     Analysis: wininet.dll, export table found in section .text
     Library not found rasapi32.dll
     Analysis: urlmon.dll, export table found in section .text
     Analysis: netapi32.dll, export table found in section .text
    1.2 Searching for kernel-mode API hooks
     Error - file not found (X:\i386\System32\ntoskrnl.exe)
    1.4 Searching for masking processes and drivers
     Checking not performed: extended monitoring driver (AVZPM) is not installed
     Error loading driver - operation interrupted [C0000034]
    2. Scanning RAM
     Number of processes found: 17
     Number of modules loaded: 113
    Scanning RAM - complete
    3. Scanning disks
    Direct reading: B:\Temp\~DFA59C.tmp
    4. Checking  Winsock Layered Service Provider (SPI/LSP)
    LSP Protocol error = "RSVP UDP Service Provider" --> file is missing X:\i386\system32\rsvpsp.dll
    LSP Protocol error = "RSVP TCP Service Provider" --> file is missing X:\i386\system32\rsvpsp.dll
     Attention ! SPI/LSP errors detected. Number of errors - 2
    5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
    X:\i386\system32\LPK.DLL --> Suspicion for Keylogger or Trojan DLL
    X:\i386\system32\LPK.DLL>>> Behaviour analysis 
     Behaviour typical for keyloggers was not detected
    B:\Tools\RICHED20.dll --> Suspicion for Keylogger/Trojan DLL, being masked as system file
    B:\Tools\RICHED20.dll>>> Behaviour analysis 
      1. Reacts to events: keyboard
      2. Polls keys' state
    B:\Tools\RICHED20.dll>>> Neural net: file is 0.00% like a typical keyboard/mouse events interceptor
    X:\i386\system32\hnetcfg.dll --> Suspicion for Keylogger or Trojan DLL
    X:\i386\system32\hnetcfg.dll>>> Behaviour analysis 
     Behaviour typical for keyloggers was not detected
    X:\i386\System32\wshtcpip.dll --> Suspicion for Keylogger or Trojan DLL
    X:\i386\System32\wshtcpip.dll>>> Behaviour analysis 
     Behaviour typical for keyloggers was not detected
    Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
    6. Searching for opened TCP/UDP ports used by malicious software
     Checking - disabled by user
    7. Heuristic system check
    Checking - complete
    8. Searching for vulnerabilities
    >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
    >> Services: potentially dangerous service allowed: Messenger (Messenger)
    >> Services: potentially dangerous service allowed: Alerter (Alerter)
    > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    >> Security: administrative shares (C$, D$ ...) are enabled
    >> Security: anonymous user access is enabled
    >>> Security: Internet Explorer allows ActiveX, not marked as safe
    >>> Security: block ActiveX, not marked as safe, in Internet Explorer
    >>> Security: Internet Explorer allows unsigned ActiveX elements
    >>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
    >>> Security: Internet Explorer allows running files and applications in IFRAME window without asking user
    >> Security: terminal connections to the PC are allowed
    >> Security: sending Remote Assistant queries is enabled
    Checking - complete
    9. Troubleshooting wizard
     >>  Abnormal EXE files association
     >>  Abnormal COM files association
     >>  Abnormal REG files association
     >>  Protocol prefixes are modified
     >>  Internet Explorer - ActiveX, not marked as safe, are allowed
     >>  Internet Explorer - signed ActiveX elements are allowed without asking user
     >>  Internet Explorer - unsigned ActiveX elements are allowed
     >>  Internet Explorer - automatic queries of ActiveX operating elements are allowed
     >>  Internet Explorer - running programs and files in IFRAME window is allowed
     >>  Start menu items are blocked
     >>  Help and Support menu item is blocked
     >>  HDD autorun is allowed
     >>  Network drives autorun is allowed
     >>  Removable media autorun is allowed
    Checking - complete
    Files scanned: 84915, extracted from archives: 74662, malicious software found 0, suspicions - 0
    Scanning finished at 12/19/2009 1:55:34 PM
    Time of scanning: 00:08:12
    If you have a suspicion on presence of viruses or questions on the suspected objects,
    you can address http://virusinfo.info conference
    Последний раз редактировалось pig; 19.12.2009 в 18:19. Причина: упаковал простыню

  2. Будь в курсе!
    Реклама на VirusInfo

    Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

    Anti-Malware Telegram
     

  3. #2
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    26.12.2006
    Адрес
    Vladivostok
    Сообщений
    23,299
    Вес репутации
    1555
    Отключите восстановление системы!
    Выполните скрипт в AVZ:
    Код:
    begin
    ExecuteRepair(1);
    ExecuteRepair(2);
    RebootWindows(true); 
    end.
    Компьютер перезагрузится.
    Сделайте логи в соответствии с правилами.
    I am not young enough to know everything...

  • Уважаемый(ая) Alexx111, наши специалисты оказали Вам всю возможную помощь по вашему обращению.

    В целях поддержания безопасности вашего компьютера настоятельно рекомендуем:

     

     

    Чтобы всегда быть в курсе актуальных угроз в области информационной безопасности и сохранять свой компьютер защищенным, рекомендуем следить за последними новостями ИТ-сферы портала Anti-Malware.ru:

     

     

    Anti-Malware VK

     

    Anti-Malware Telegram

     

     

    Надеемся больше никогда не увидеть ваш компьютер зараженным!

     

    Если Вас не затруднит, пополните пожалуйста нашу базу безопасных файлов.

  • Похожие темы

    1. pomogite
      От Hilsen в разделе Помогите!
      Ответов: 1
      Последнее сообщение: 16.02.2011, 13:33
    2. Pomogite
      От Sao87 в разделе Помогите!
      Ответов: 1
      Последнее сообщение: 09.09.2009, 20:18
    3. Pomogite !!!!!
      От Valery1963 в разделе Помогите!
      Ответов: 12
      Последнее сообщение: 22.02.2009, 03:59
    4. POMOGITE
      От саша* в разделе Помогите!
      Ответов: 1
      Последнее сообщение: 27.11.2008, 22:48
    5. pomogite
      От Aikerima в разделе Помогите!
      Ответов: 2
      Последнее сообщение: 26.12.2007, 18:10

    Свернуть/Развернуть Ваши права в разделе

    • Вы не можете создавать новые темы
    • Вы не можете отвечать в темах
    • Вы не можете прикреплять вложения
    • Вы не можете редактировать свои сообщения
    •  
    Page generated in 0.00273 seconds with 16 queries