Results of system analysis

AVZ 5.93 http://z-oleg.com/secur/avz/

Process List

Kernel Space Modules Viewer

Services

Drivers

Autoruns

Internet Explorer extension modules (BHOs, Toolbars ...)

Windows Explorer extension modules

Printing system extensions (print monitors, providers)

Task Scheduler jobs

Namespace providers (NSP)

Transport protocol providers (TSP, LSP)

TCP/UDP ports

Downloaded Program Files (DPF)

Control Panel Applets (CPL)

Active Setup

HOSTS file

Protocols and handlers

Shared resources

Background Intelligent Transfer Service (BITS) Jobs

Installed applications

Suspicious objects

Attention !!! Database was last updated 5/13/2024 it is necessary to update the database (via File - Database update)
AVZ Toolkit log; AVZ version is 5.93 private build [13.05.2024 16:34:31]
Scanning started at 24.11.2024 12:56:47
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 13.05.2024 16:00
Heuristic microprograms loaded: 419
PVS microprograms loaded: 10
Digital signatures of system files loaded: 684421
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.26100,  "Windows 10 Pro" (Windows 10 Pro) x64, install date 12.11.2024 11:25:39 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 184
Extended process analysis: 6344 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
[ES]:Application has no visible windows
 Number of modules loaded: 282
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 467, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 24.11.2024 12:57:08
Time of scanning: 00:00:21
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="5.255.255.77,77.88.44.55,77.88.55.88", Ping=OK (0,198,5.255.255.77)
  Host="google.ru", IP="142.250.68.35", Ping=OK (0,11,142.250.68.35)
  Host="google.com", IP="142.250.188.238", Ping=OK (0,13,142.250.188.238)
  Host="www.kaspersky.com", IP="18.229.176.75", Ping=OK (0,383,18.229.176.75)
  Host="www.kaspersky.ru", IP="18.229.176.75", Ping=OK (0,197,18.229.176.75)
  Host="dnl-03.geo.kaspersky.com", IP="66.110.49.80", Ping=OK (0,159,66.110.49.80)
  Host="dnl-11.geo.kaspersky.com", IP="80.239.170.187", Ping=OK (0,179,80.239.170.187)
  Host="activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="217.20.147.1,5.61.23.11,217.20.155.13", Ping=OK (0,182,217.20.147.1)
  Host="vk.com", IP="87.240.132.67,87.240.129.133,87.240.132.72,87.240.132.78,93.186.225.194,...", Ping=OK (0,170,87.240.132.67)
  Host="vkontakte.ru", IP="87.240.132.78,87.240.132.67,93.186.225.194,87.240.137.164,87.240.129.133,...", Ping=OK (0,285,87.240.132.78)
  Host="twitter.com", IP="104.244.42.1,104.244.42.129,104.244.42.193,104.244.42.65", Ping=OK (0,66,104.244.42.1)
  Host="facebook.com", IP="157.240.11.35", Ping=OK (0,12,157.240.11.35)
  Host="ru-ru.facebook.com", IP="157.240.11.17", Ping=OK (0,38,157.240.11.17)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
  Interface: "Ethernet"
   IPAddress = "192.168.0.15"
   DHCPIPAddress = "192.168.0.15"
   SubnetMask = "255.255.255.0"
   DHCPSubnetMask = "255.255.255.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "192.168.0.1"
 Network Persistent Routes

• Blocking hooks using Anti-Rootkit
  
• Enable AVZGuard
  
• Operations with AVZPM (true=enable,false=disable)
  
• BootCleaner - import list of deleted files
  
• BootCleaner - import all
  
• Remove traces of deleted files
  
• ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
  
• BootCleaner - activate
  
• Reboot
  
• Insert template for QuarantineFile() - quarantining a file
  
• Insert template for BC_QrFile() - quarantining file via BootCleaner
  
• Insert template for DeleteFile() - deleting a file
  
• Insert template for DelCLSID() - removing a CLSID item from registry
  

• Performance tweaking: disable service TermService (Remote Desktop Services)
  
• Security tweaking: disable CD autorun
  
• Security tweaking: disable administrative shares
  
• Security tweaking: disable anonymous user access
  
• Security: disable sending Remote Assistant queries
  
• Windows Explorer - show extensions of known file types