Results of system analysis

AVZ 5.99 http://z-oleg.com/secur/avz/

Process List

Kernel Space Modules Viewer

Services

Drivers

Autoruns

Internet Explorer extension modules (BHOs, Toolbars ...)

Windows Explorer extension modules

Printing system extensions (print monitors, providers)

Task Scheduler jobs

Namespace providers (NSP)

Transport protocol providers (TSP, LSP)

TCP/UDP ports

Downloaded Program Files (DPF)

Control Panel Applets (CPL)

Active Setup

HOSTS file

127.0.0.1       localhost

Protocols and handlers

Shared resources

Background Intelligent Transfer Service (BITS) Jobs

Suspicious objects

AVZ Toolkit log; AVZ version is 5.99
Scanning started at 13.11.2024 20:01:10
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 08.11.2024 04:00
Heuristic microprograms loaded: 419
PVS microprograms loaded: 10
Digital signatures of system files loaded: 718091
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.22631,  "Windows 10 Home" (Windows 10 Home) x64, install date 08.06.2023 09:28:00 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 176
Extended process analysis: 1700 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
[ES]:Application has no visible windows
 Number of modules loaded: 142
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  Windows Update settings blocked
 >>  Process termination timeout is out of admissible values
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 318, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 13.11.2024 20:02:09
Time of scanning: 00:01:00
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="5.255.255.77,77.88.55.88,77.88.44.55", Ping=OK (0,232,5.255.255.77)
  Host="google.ru", IP="142.250.69.227", Ping=OK (0,15,142.250.69.227)
  Host="google.com", IP="142.250.72.14", Ping=OK (0,16,142.250.72.14)
  Host="www.kaspersky.com", IP="18.229.176.75", Ping=OK (0,172,18.229.176.75)
  Host="www.kaspersky.ru", IP="18.229.176.75", Ping=OK (0,170,18.229.176.75)
  Host="dnl-03.geo.kaspersky.com", IP="4.28.136.38", Ping=OK (0,46,4.28.136.38)
  Host="dnl-11.geo.kaspersky.com", IP="80.239.170.187", Ping=OK (0,172,80.239.170.187)
  Host="activation-v2.kaspersky.com", IP="4.59.181.141", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="217.20.155.13,217.20.147.1,5.61.23.11", Ping=OK (0,180,217.20.155.13)
  Host="vk.com", IP="93.186.225.194,87.240.137.164,87.240.132.72,87.240.132.67,87.240.129.133,...", Ping=OK (0,175,93.186.225.194)
  Host="vkontakte.ru", IP="87.240.129.133,87.240.132.72,87.240.132.67,93.186.225.194,87.240.137.164,...", Ping=OK (0,160,87.240.129.133)
  Host="twitter.com", IP="104.244.42.1", Ping=OK (0,52,104.244.42.1)
  Host="facebook.com", IP="57.144.104.1", Ping=OK (0,23,57.144.104.1)
  Host="ru-ru.facebook.com", IP="57.144.104.141", Ping=OK (0,16,57.144.104.141)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
  Interface: "Bluetooth Network Connection"
   IPAddress = "0.0.0.0"
   DHCPIPAddress = "0.0.0.0"
   SubnetMask = "255.0.0.0"
   DHCPSubnetMask = "255.0.0.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "255.255.255.255"
  Interface: "Wi-Fi"
   IPAddress = "10.0.0.95"
   DHCPIPAddress = "10.0.0.95"
   SubnetMask = "255.255.255.0"
   DHCPSubnetMask = "255.255.255.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "10.0.0.1"
 Network Persistent Routes

• Blocking hooks using Anti-Rootkit
  
• Enable AVZGuard
  
• Operations with AVZPM (true=enable,false=disable)
  
• BootCleaner - import list of deleted files
  
• BootCleaner - import all
  
• Remove traces of deleted files
  
• ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
  
• BootCleaner - activate
  
• Reboot
  
• Insert template for QuarantineFile() - quarantining a file
  
• Insert template for BC_QrFile() - quarantining file via BootCleaner
  
• Insert template for DeleteFile() - deleting a file
  
• Insert template for DelCLSID() - removing a CLSID item from registry
  

• Performance tweaking: disable service TermService (Remote Desktop Services)
  
• Security tweaking: disable CD autorun
  
• Security tweaking: disable administrative shares
  
• Security tweaking: disable anonymous user access
  
• Windows Explorer - show extensions of known file types