   AVZ  4.30
   29.09.2008 1:32:57
 :  - 189196,  - 2,   - 56,   28.09.2008 22:20
  : 370
  : 9
    : 73357
  :   
 : 
 Windows: 5.1.2600, Service Pack 3 ; AVZ    
 : 
1.  RootKit  ,   API
1.1   API,   UserMode
  kernel32.dll,      .text
  ntdll.dll,      .text
  user32.dll,      .text
  advapi32.dll,      .text
  ws2_32.dll,      .text
  wininet.dll,      .text
  rasapi32.dll,      .text
  urlmon.dll,      .text
  netapi32.dll,      .text
1.2   API,   KernelMode
   
 SDT  (RVA=085700)
  ntkrnlpa.exe      804D7000
   SDT = 8055C700
   KiST = 80504450 (284)
 : 284, : 0, : 0
1.3  IDT  SYSENTER
    1
    2
  IDT  SYSENTER 
1.4     
   ,       AVZPM
   
1.5   IRP
\FileSystem\ntfs[IRP_MJ_CREATE] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_CLOSE] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_WRITE] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_SET_EA] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 871D11F8 ->   
\FileSystem\ntfs[IRP_MJ_PNP] = 871D11F8 ->   
  
2.  
   : 23
   : 469
  
3.  
  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av4.tmp
C:\Program Files\AUTORUN\Autorun Creator\dfj432.dll >>>   Trojan.Win32.Delf.eo ( 08B8AE70 041208B3 001DCF10 00283988 117760)
     (C:\Program Files\AUTORUN\Autorun Creator\dfj432.dll)
C:\Program Files\HACKER\CrackersKit\Rebuilding\ImpRec\Plugin\aspr1.dll >>>   Monitor.Win32.ActualSpy.30 ( 0A3B845C 05B5034A 001CCF9C 0024474F 18432)
     (C:\Program Files\HACKER\CrackersKit\Rebuilding\ImpRec\Plugin\aspr1.dll)
C:\Program Files\MiKTeX 2.7\miktex\bin\cef5conv.exe >>>   Trojan-Dropper.Win32.TopBind ( 09026E46 07885376 003DF1D0 00000000 17920)
     (C:\Program Files\MiKTeX 2.7\miktex\bin\cef5conv.exe)
C:\Program Files\MiKTeX 2.7\miktex\bin\cefconv.exe >>>   Trojan-Dropper.Win32.TopBind ( 093EA59F 07885376 003DF1D0 00000000 17920)
     (C:\Program Files\MiKTeX 2.7\miktex\bin\cefconv.exe)
C:\Program Files\MiKTeX 2.7\miktex\bin\cefsconv.exe >>>   Trojan-Dropper.Win32.TopBind ( 08E9F3E7 07885376 003DF1D0 00000000 17920)
     (C:\Program Files\MiKTeX 2.7\miktex\bin\cefsconv.exe)
     (C:\WINDOWS\faceback.exe)
C:\WINDOWS\faceback.exe >>>>> Trojan-Downloader.Win32.Agent.agzq   
C:\WINDOWS\onfwbsak.dll >>>   Trojan.Win32.Vapsup.fsc ( 005D2D4D 00000000 001550DF 001E9F8C 217088)
     (C:\WINDOWS\onfwbsak.dll)
  C:\WINDOWS\system32\drivers\sptd.sys
       
  00:14:12
            ,
      - http://virusinfo.info
