-
Junior Member
Help!
Code:
AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 12/19/2009 1:47:23 PM
Database loaded: signatures - 254585, NN profile(s) - 2, malware removal microprograms - 56, signature database released 18.12.2009 22:52
Heuristic microprograms loaded: 374
PVS microprograms loaded: 9
Digital signatures of system files loaded: 161328
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Library not found rasapi32.dll
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error - file not found (X:\i386\System32\ntoskrnl.exe)
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Error loading driver - operation interrupted [C0000034]
2. Scanning RAM
Number of processes found: 17
Number of modules loaded: 113
Scanning RAM - complete
3. Scanning disks
Direct reading: B:\Temp\~DFA59C.tmp
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP Protocol error = "RSVP UDP Service Provider" --> file is missing X:\i386\system32\rsvpsp.dll
LSP Protocol error = "RSVP TCP Service Provider" --> file is missing X:\i386\system32\rsvpsp.dll
Attention ! SPI/LSP errors detected. Number of errors - 2
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
X:\i386\system32\LPK.DLL --> Suspicion for Keylogger or Trojan DLL
X:\i386\system32\LPK.DLL>>> Behaviour analysis
Behaviour typical for keyloggers was not detected
B:\Tools\RICHED20.dll --> Suspicion for Keylogger/Trojan DLL, being masked as system file
B:\Tools\RICHED20.dll>>> Behaviour analysis
1. Reacts to events: keyboard
2. Polls keys' state
B:\Tools\RICHED20.dll>>> Neural net: file is 0.00% like a typical keyboard/mouse events interceptor
X:\i386\system32\hnetcfg.dll --> Suspicion for Keylogger or Trojan DLL
X:\i386\system32\hnetcfg.dll>>> Behaviour analysis
Behaviour typical for keyloggers was not detected
X:\i386\System32\wshtcpip.dll --> Suspicion for Keylogger or Trojan DLL
X:\i386\System32\wshtcpip.dll>>> Behaviour analysis
Behaviour typical for keyloggers was not detected
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: Messenger (Messenger)
>> Services: potentially dangerous service allowed: Alerter (Alerter)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>>> Security: Internet Explorer allows ActiveX, not marked as safe
>>> Security: block ActiveX, not marked as safe, in Internet Explorer
>>> Security: Internet Explorer allows unsigned ActiveX elements
>>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
>>> Security: Internet Explorer allows running files and applications in IFRAME window without asking user
>> Security: terminal connections to the PC are allowed
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> Abnormal EXE files association
>> Abnormal COM files association
>> Abnormal REG files association
>> Protocol prefixes are modified
>> Internet Explorer - ActiveX, not marked as safe, are allowed
>> Internet Explorer - signed ActiveX elements are allowed without asking user
>> Internet Explorer - unsigned ActiveX elements are allowed
>> Internet Explorer - automatic queries of ActiveX operating elements are allowed
>> Internet Explorer - running programs and files in IFRAME window is allowed
>> Start menu items are blocked
>> Help and Support menu item is blocked
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 84915, extracted from archives: 74662, malicious software found 0, suspicions - 0
Scanning finished at 12/19/2009 1:55:34 PM
Time of scanning: 00:08:12
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
Last edited by pig; 19.12.2009 at 18:19.
Reason: collapsed the wall of text
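The log above is the only evidence in the thread, so here is a small triage parser for AVZ's text log format, added as an example (it is not code from the post, from AVZ, or from virusinfo.info). It assumes the English AVZ 4.x layout visible above: sequentially numbered top-level sections, "LSP Protocol error" lines in section 4, a "Suspicion for Keylogger" line followed by a "Behaviour analysis" block per hooked DLL in section 5, ">>" findings in sections 8 and 9, and the closing "Files scanned" totals. The embedded sample is an excerpt of the posted log; the function and field names are mine.

```python
"""Triage an AVZ Antiviral Toolkit text log (added example, not AVZ's own code):
split the log into AVZ's numbered sections and collect SPI/LSP errors,
keylogger-suspect DLLs with their behaviour verdict, the '>>' findings of the
vulnerability check and troubleshooting wizard, skipped checks and scan totals."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: an excerpt of the AVZ 4.32 log posted in this thread.
SAMPLE_LOG = r"""AVZ Antiviral Toolkit log; AVZ version is 4.32
1. Searching for Rootkits and other software intercepting API functions
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP Protocol error = "RSVP UDP Service Provider" --> file is missing X:\i386\system32\rsvpsp.dll
LSP Protocol error = "RSVP TCP Service Provider" --> file is missing X:\i386\system32\rsvpsp.dll
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
X:\i386\system32\LPK.DLL --> Suspicion for Keylogger or Trojan DLL
X:\i386\system32\LPK.DLL>>> Behaviour analysis
Behaviour typical for keyloggers was not detected
B:\Tools\RICHED20.dll --> Suspicion for Keylogger/Trojan DLL, being masked as system file
B:\Tools\RICHED20.dll>>> Behaviour analysis
1. Reacts to events: keyboard
2. Polls keys' state
B:\Tools\RICHED20.dll>>> Neural net: file is 0.00% like a typical keyboard/mouse events interceptor
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
> Services: please bear in mind that the set of services depends on the use of the PC!
>>> Security: Internet Explorer allows unsigned ActiveX elements
9. Troubleshooting wizard
>> Abnormal EXE files association
>> Protocol prefixes are modified
Files scanned: 84915, extracted from archives: 74662, malicious software found 0, suspicions - 0
"""

SECTION_RE = re.compile(r"^(\d+)\. ")
LSP_RE = re.compile(r'^LSP Protocol error = "(?P<provider>[^"]+)" --> file is missing (?P<path>.+)$')
SUSPECT_RE = re.compile(r"^(?P<path>.+?) --> Suspicion for Keylogger")
NEURAL_RE = re.compile(r"^(?P<path>.+?)>>> Neural net: file is (?P<pct>[\d.]+)%")
TOTALS_RE = re.compile(r"^Files scanned: (\d+), extracted from archives: (\d+), "
                       r"malicious software found (\d+), suspicions - (\d+)$")

@dataclass
class Suspect:
    path: str
    masked_as_system: bool  # AVZ: "being masked as system file"
    behaviours: List[str] = field(default_factory=list)  # empty: none detected
    neural_pct: Optional[float] = None

@dataclass
class Triage:
    lsp_errors: List[Dict[str, str]] = field(default_factory=list)
    suspects: Dict[str, Suspect] = field(default_factory=dict)
    vulnerabilities: List[str] = field(default_factory=list)  # section 8
    troubleshooting: List[str] = field(default_factory=list)  # section 9
    skipped_sections: List[int] = field(default_factory=list)
    totals: Dict[str, int] = field(default_factory=dict)

def parse_avz_log(text: str) -> Triage:
    t, section, current = Triage(), 0, None  # current: suspect being described
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        # AVZ numbers top-level sections sequentially; requiring section+1 keeps
        # behaviour items such as "1. Reacts to events: keyboard" inside section 5.
        if m and int(m.group(1)) == section + 1:
            section, current = int(m.group(1)), None
        elif line.startswith(("Checking not performed", "Checking - disabled")):
            t.skipped_sections.append(section)
        elif section == 4 and (m := LSP_RE.match(line)):
            t.lsp_errors.append(m.groupdict())
        elif section == 5 and (m := SUSPECT_RE.match(line)):
            current = t.suspects[m["path"]] = Suspect(m["path"], "masked as system file" in line)
        elif section == 5 and (m := NEURAL_RE.match(line)) and m["path"] in t.suspects:
            t.suspects[m["path"]].neural_pct = float(m["pct"])
        elif section == 5 and current is not None and SECTION_RE.match(line):
            current.behaviours.append(line.split(". ", 1)[1])
        elif section in (8, 9) and line.startswith(">>"):
            (t.vulnerabilities if section == 8 else t.troubleshooting).append(line.lstrip("> "))
        elif (m := TOTALS_RE.match(line)):
            keys = ("files_scanned", "from_archives", "malicious", "suspicions")
            t.totals = dict(zip(keys, map(int, m.groups())))
    return t

def needs_attention(t: Triage) -> List[str]:
    """What to act on. Hook DLLs with no behaviours are left out: the log itself
    warns that many legitimate DLLs hook the keyboard, so send, don't delete."""
    out = [f"suspect DLL {s.path}: behaviours={s.behaviours}, neural={s.neural_pct}%"
           for s in t.suspects.values() if s.masked_as_system or s.behaviours]
    out += [f"LSP '{e['provider']}' points at missing {e['path']}" for e in t.lsp_errors]
    out += [f"repair needed: {f}" for f in t.troubleshooting]
    return out
```

Run `needs_attention(parse_avz_log(SAMPLE_LOG))` to get the short list: the RICHED20.dll copy outside the system directory that reacts to keyboard events, the two LSP entries pointing at a missing rsvpsp.dll, and the section 9 items that the troubleshooting wizard can repair. The section 6 port check being disabled shows up in `skipped_sections`, which matters because it means the log says nothing about network listeners.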
-
Disable System Restore!
Run this script in AVZ:
Code:
begin
ExecuteRepair(1);
ExecuteRepair(2);
RebootWindows(true);
end.
The computer will reboot.
Make the logs in accordance with the rules.
I am not young enough to know everything...
-