Results of system analysis

AVZ 5.51 http://z-oleg.com/secur/avz/

Process List

Kernel Space Modules Viewer

Services

Drivers

Autoruns

Internet Explorer extension modules (BHOs, Toolbars ...)

Windows Explorer extension modules

Printing system extensions (print monitors, providers)

Task Scheduler jobs

Namespace providers (NSP)

Transport protocol providers (TSP, LSP)

TCP/UDP ports

Downloaded Program Files (DPF)

Control Panel Applets (CPL)

Active Setup

HOSTS file

127.0.0.1       localhost

Protocols and handlers

Shared resources

Suspicious objects

AVZ Toolkit log; AVZ version is 5.51
Scanning started at 03.08.2021 21:55:58
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 03.08.2021 04:00
Heuristic microprograms loaded: 417
PVS microprograms loaded: 10
Digital signatures of system files loaded: 609169
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Professional" (Windows 10 Pro) x64, install date 16.07.2020 09:06:04 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 53
 Number of modules loaded: 144
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
>>> C:\Windows\svchost.exe HSC: suspicion for File with suspicious name (high degree of probability)
>>> C:\Windows\Fonts\conhost.exe HSC: suspicion for File with suspicious name (high degree of probability)
>>> C:\Windows\Fonts\dl1host.exe HSC: suspicion for File with suspicious name (high degree of probability)
>>> C:\Windows\Fonts\4744396.dll HSC: suspicion for File with suspicious name (high degree of probability)
Danger - process debugger "taskmgr.exe" = ""C:\Program Files (x86)\System Explorer\SystemExplorer.exe""
>>> C:\Windows\java.exe HSC: suspicion for File with suspicious name (CH) (high degree of probability)
>>> C:\Windows\svchost.exe HSC: suspicion for File with suspicious name (CH) (high degree of probability)
Checking - complete
8. Searching for vulnerabilities
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: terminal connections to the PC are allowed
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 197, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 03.08.2021 21:56:16
Time of scanning: 00:00:20
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.120.3.141,77.120.62.199", Ping=Error (11010,0,0.0.0.0)
  Host="google.ru", IP="172.217.18.67", Ping=OK (0,18,172.217.18.67)
  Host="google.com", IP="142.250.180.238", Ping=OK (0,21,142.250.180.238)
  Host="www.kaspersky.com", IP="4.59.181.140", Ping=OK (0,130,4.59.181.140)
  Host="www.kaspersky.ru", IP="77.120.62.199,77.120.3.141", Ping=Error (11010,0,0.0.0.0)
  Host="dnl-03.geo.kaspersky.com", IP="38.117.98.196", Ping=OK (0,130,38.117.98.196)
  Host="dnl-11.geo.kaspersky.com", IP="38.117.98.253", Ping=OK (0,126,38.117.98.253)
  Host="activation-v2.kaspersky.com", IP="4.59.181.141", Ping=OK (0,136,4.59.181.141)
  Host="odnoklassniki.ru", IP="77.120.62.199,77.120.3.141", Ping=Error (11010,0,0.0.0.0)
  Host="vk.com", IP="77.120.3.141,77.120.62.199", Ping=Error (11010,0,0.0.0.0)
  Host="vkontakte.ru", IP="77.120.62.199,77.120.3.141", Ping=Error (11010,0,0.0.0.0)
  Host="twitter.com", IP="104.244.42.65", Ping=OK (0,35,104.244.42.65)
  Host="facebook.com", IP="157.240.224.35", Ping=OK (0,5,157.240.224.35)
  Host="ru-ru.facebook.com", IP="157.240.224.3", Ping=OK (0,8,157.240.224.3)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
  Interface: "Подключение по локальной сети"
   IPAddress = "77.123.65.135"
   DHCPIPAddress = "77.123.65.135"
   SubnetMask = "255.255.255.0"
   DHCPSubnetMask = "255.255.255.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "77.123.5.1"
  Interface: "VMware Network Adapter VMnet8"
   IPAddress = "0.0.0.0"
   DHCPIPAddress = "0.0.0.0"
   SubnetMask = "255.0.0.0"
   DHCPSubnetMask = "255.0.0.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "255.255.255.255"
  Interface: "Беспроводное сетевое соединение"
   IPAddress = "0.0.0.0"
   DHCPIPAddress = "0.0.0.0"
   SubnetMask = "255.0.0.0"
   DHCPSubnetMask = "255.0.0.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "255.255.255.255"
  Interface: "VMware Network Adapter VMnet1"
   IPAddress = "0.0.0.0"
   DHCPIPAddress = "0.0.0.0"
   SubnetMask = "255.0.0.0"
   DHCPSubnetMask = "255.0.0.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "255.255.255.255"
 Network Persistent Routes

• Blocking hooks using Anti-Rootkit
  
• Enable AVZGuard
  
• Operations with AVZPM (true=enable,false=disable)
  
• BootCleaner - import list of deleted files
  
• BootCleaner - import all
  
• Remove traces of deleted files
  
• ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
  
• BootCleaner - activate
  
• Reboot
  
• Insert template for QuarantineFile() - quarantining a file
  
• Insert template for BC_QrFile() - quarantining file via BootCleaner
  
• Insert template for DeleteFile() - deleting a file
  
• Insert template for DelCLSID() - removing a CLSID item from registry
  

• Security tweaking: disable CD autorun
  
• Security tweaking: disable administrative shares
  
• Security tweaking: disable anonymous user access
  
• Security: prevent terminal connections to the PC
  
• Security: disable sending Remote Assistant queries
  
• Windows Explorer - show extensions of known file types