
Check for spyware

22.10.13 22:49
Re: Check for spyware

mischanja (veteran)
Here is the log:
Attention !!! Database was last updated 12.07.2013 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.41
Scanning started at 22.10.2013 22:26:23
Database loaded: signatures - 297614, NN profile(s) - 2, malware removal microprograms - 56, signature database released 12.07.2013 13:39
Heuristic microprograms loaded: 403
PVS microprograms loaded: 9
Digital signatures of system files loaded: 565706
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7601, Service Pack 1 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:LdrLoadDll (137) intercepted, method - APICodeHijack.JmpTo[000301EE]
Function ntdll.dll:LdrUnloadDll (161) intercepted, method - APICodeHijack.JmpTo[000303F2]
Function ntdll.dll:NtAllocateVirtualMemory (197) intercepted, method - APICodeHijack.JmpTo[000305F6]
Function ntdll.dll:NtFreeVirtualMemory (310) intercepted, method - APICodeHijack.JmpTo[000307FA]
Function ntdll.dll:NtProtectVirtualMemory (395) intercepted, method - APICodeHijack.JmpTo[000309FE]
Function ntdll.dll:NtSetContextThread (496) intercepted, method - APICodeHijack.JmpTo[00030E06]
Function ntdll.dll:NtTerminateProcess (550) intercepted, method - APICodeHijack.JmpTo[00030C02]
Function ntdll.dll:ZwAllocateVirtualMemory (1449) intercepted, method - APICodeHijack.JmpTo[000305F6]
Function ntdll.dll:ZwFreeVirtualMemory (1561) intercepted, method - APICodeHijack.JmpTo[000307FA]
Function ntdll.dll:ZwProtectVirtualMemory (1645) intercepted, method - APICodeHijack.JmpTo[000309FE]
Function ntdll.dll:ZwSetContextThread (1746) intercepted, method - APICodeHijack.JmpTo[00030E06]
Function ntdll.dll:ZwTerminateProcess (1800) intercepted, method - APICodeHijack.JmpTo[00030C02]

Analysis: user32.dll, export table found in section .text
Function user32.dll:SetWinEventHook (2216) intercepted, method - APICodeHijack.JmpTo[001501EE]
Function user32.dll:SetWindowsHookExA (2231) intercepted, method - APICodeHijack.JmpTo[001505F6]
Function user32.dll:SetWindowsHookExW (2232) intercepted, method - APICodeHijack.JmpTo[001507FA]
Function user32.dll:UnhookWinEvent (2279) intercepted, method - APICodeHijack.JmpTo[001503F2]
Function user32.dll:UnhookWindowsHookEx (2281) intercepted, method - APICodeHijack.JmpTo[001509FE]

Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
Number of processes found: 17
Number of modules loaded: 308
Scanning RAM - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Program Files\AVAST Software\Avast\snxhk.dll --> Suspicion for Keylogger or Trojan DLL
C:\Program Files\AVAST Software\Avast\snxhk.dll>>> Behaviour analysis

Behaviour typical for keyloggers was not detected
C:\PROGRA~2\MICROS~1\Office14\1031\GrooveIntlResource.dll --> Suspicion for Keylogger or Trojan DLL
C:\PROGRA~2\MICROS~1\Office14\1031\GrooveIntlResource.dll>>> Behaviour analysis

Behaviour typical for keyloggers was not detected
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remotedesktopdienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suche)
>> Services: potentially dangerous service allowed: Schedule (Aufgabenplanung)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed

Checking - complete
Files scanned: 76546, extracted from archives: 37270, malicious software found 0, suspicions - 0
Scanning finished at 22.10.2013 22:40:52
Time of scanning: 00:14:31
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
What is in italics here shows up in red for me, from that program you suggested.
What should I do next?
The sun is big and everyone should be warm