Results of system analysis

AVZ 5.63 http://z-oleg.com/secur/avz/

Process List

Kernel Space Modules Viewer

Services

Drivers

Autoruns

Internet Explorer extension modules (BHOs, Toolbars ...)

Windows Explorer extension modules

Printing system extensions (print monitors, providers)

Task Scheduler jobs

Namespace providers (NSP)

Transport protocol providers (TSP, LSP)

TCP/UDP ports

Downloaded Program Files (DPF)

Control Panel Applets (CPL)

Active Setup

HOSTS file

Protocols and handlers

Shared resources

Background Intelligent Transfer Service (BITS) Jobs

Suspicious objects

Attention !!! Database was last updated 6/10/2022 it is necessary to update the database (via File - Database update)
AVZ Toolkit log; AVZ version is 5.63 private build [06.10.2022 18:46:05]
Scanning started at 08.12.2022 17:42:34
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 06.10.2022 16:00
Heuristic microprograms loaded: 417
PVS microprograms loaded: 10
Digital signatures of system files loaded: 638405
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.22621,  "Windows 10 Home" (Windows 10 Home) x64, install date 06.10.2022 17:55:00 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 257
Extended process analysis: 4084 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
[ES]:Application has no visible windows
Extended process analysis: 6440 C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
 Number of modules loaded: 332
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 589, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 08.12.2022 17:43:07
Time of scanning: 00:00:33
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.77,5.255.255.60,5.255.255.5,77.88.55.80", Ping=OK (0,406,77.88.55.77)
  Host="google.ru", IP="142.250.70.131", Ping=OK (0,94,142.250.70.131)
  Host="google.com", IP="142.250.70.206", Ping=OK (0,35,142.250.70.206)
  Host="www.kaspersky.com", IP="218.213.144.7", Ping=Error (11010,0,0.0.0.0)
  Host="www.kaspersky.ru", IP="218.213.144.7", Ping=Error (11010,0,0.0.0.0)
  Host="dnl-03.geo.kaspersky.com", IP="202.163.7.4", Ping=OK (0,392,202.163.7.4)
  Host="dnl-11.geo.kaspersky.com", IP="64.120.119.85", Ping=OK (0,294,64.120.119.85)
  Host="activation-v2.kaspersky.com", IP="218.213.94.62", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="217.20.155.13,217.20.147.1,5.61.23.11", Ping=OK (0,398,217.20.155.13)
  Host="vk.com", IP="87.240.132.72,87.240.132.78,87.240.132.67,93.186.225.194,87.240.129.133,...", Ping=OK (0,396,87.240.132.72)
  Host="vkontakte.ru", IP="87.240.129.133,87.240.132.67,87.240.132.72,87.240.132.78,87.240.137.164,...", Ping=OK (0,378,87.240.129.133)
  Host="twitter.com", IP="104.244.42.193,104.244.42.65", Ping=OK (0,51,104.244.42.193)
  Host="facebook.com", IP="157.240.8.35", Ping=OK (0,64,157.240.8.35)
  Host="ru-ru.facebook.com", IP="157.240.8.18", Ping=OK (0,55,157.240.8.18)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
  Interface: "Wi-Fi"
   IPAddress = "192.168.0.35"
   DHCPIPAddress = "192.168.0.35"
   SubnetMask = "255.255.255.0"
   DHCPSubnetMask = "255.255.255.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "192.168.0.1"
 Network Persistent Routes

• Blocking hooks using Anti-Rootkit
  
• Enable AVZGuard
  
• Operations with AVZPM (true=enable,false=disable)
  
• BootCleaner - import list of deleted files
  
• BootCleaner - import all
  
• Remove traces of deleted files
  
• ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
  
• BootCleaner - activate
  
• Reboot
  
• Insert template for QuarantineFile() - quarantining a file
  
• Insert template for BC_QrFile() - quarantining file via BootCleaner
  
• Insert template for DeleteFile() - deleting a file
  
• Insert template for DelCLSID() - removing a CLSID item from registry
  

• Performance tweaking: disable service TermService (Remote Desktop Services)
  
• Security tweaking: disable CD autorun
  
• Security tweaking: disable administrative shares
  
• Security: disable sending Remote Assistant queries
  
• Windows Explorer - show extensions of known file types