26.08.2012, 22:17
FakeAV - WinWebSec - Live Security Platinum
Changed a service
Checked for debuggers
Defined Log_API entry: Change to Microsoft Protection Service
Defined Log_API entry: Change to Windows Defender Service
Defined Log_API entry: Change to Windows Security Center Service
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\luafv\Start = 00000004
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\wuauserv\Start = 00000004
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\RunOnce\036DFF85248977E6D1113471F875EF7E = C:\ProgramData\036DFF85248977E6D1113471F875EF7E\036DFF85248977E6D1113471F875EF7E.exe
Detected keylogger functionality
Internet connection: C:\Users\tachion\Desktop\malware\setup.exe Connects to "103.4.224.31" on port 80 (TCP - HTTP).
Opened a service named:xx
Query DNS
Security Center settings change: machine\software\microsoft\security center\antivirusdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\antivirusoverride = 00000001
Security Center settings change: machine\software\microsoft\security center\firewalldisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\firewalloverride = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\antivirusdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\antivirusoverride = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\firewalldisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\firewalloverride = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\updatesdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\updatesdisablenotify = 00000001
System Restore change: machine\software\microsoft\windows nt\currentversion\systemrestore\rpsessioninterval = empty value key
Alex
look in the log: those 00000001 values are where zeros get changed to ones in the registry, which means the given function has been disabled
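A small triage script, added here as an example (it is not part of the original post and not code from the sandbox that produced the log), that parses log lines of the kind quoted above and buckets the behaviours typical of this family: services pushed to Start = 00000004 (SERVICE_DISABLED; here luafv, the UAC file virtualization driver, and wuauserv, Windows Update), Security Center notify/override DWORDs flipped to 1, a RunOnce value pointing into C:\ProgramData, the outbound HTTP connection, and the System Restore tampering. The regexes, the scoring, and the sample lines (copied from the log above, not live data) are my own assumptions about the log format.

```python
import re

# Constructed sample: lines copied from the sandbox log in the post above,
# Windows paths kept verbatim (raw string so backslashes are literal).
SAMPLE_LOG = r"""
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\luafv\Start = 00000004
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\wuauserv\Start = 00000004
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\RunOnce\036DFF85248977E6D1113471F875EF7E = C:\ProgramData\036DFF85248977E6D1113471F875EF7E\036DFF85248977E6D1113471F875EF7E.exe
Internet connection: C:\Users\tachion\Desktop\malware\setup.exe Connects to "103.4.224.31" on port 80 (TCP - HTTP).
Security Center settings change: machine\software\microsoft\security center\antivirusdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\firewalloverride = 00000001
System Restore change: machine\software\microsoft\windows nt\currentversion\systemrestore\rpsessioninterval = empty value key
"""

SERVICE_DISABLED = 4  # SCM Start value: 2 = auto, 3 = manual, 4 = disabled

# Security Center DWORDs that, when set to 1, silence or override the
# "no antivirus / firewall / updates" warnings shown to the user.
SC_SUPPRESS_KEYS = {
    "antivirusdisablenotify", "antivirusoverride",
    "firewalldisablenotify", "firewalloverride",
    "updatesdisablenotify",
}

# Patterns are assumptions about this sandbox's line format.
RE_SERVICE = re.compile(r"Services\\([^\\]+)\\Start = ([0-9A-Fa-f]{8})")
RE_RUNKEY = re.compile(r"\\(Run|RunOnce)\\([^ ]+) = (.+)$")
RE_NET = re.compile(r'Connects to "([\d.]+)" on port (\d+)')
RE_SECCENTER = re.compile(r"security center\\(?:svc\\)?(\w+) = ([0-9A-Fa-f]{8})")
RE_SYSRESTORE = re.compile(r"System Restore change: .*\\systemrestore\\(\w+) = (.+)$")


def analyze(log_text):
    """Walk the sandbox log once and bucket the FakeAV indicators."""
    findings = {
        "disabled_services": [],           # services forced to Start = 4
        "security_center_suppressed": set(),
        "persistence": [],                 # Run/RunOnce entries and their targets
        "network": [],                     # (ip, port) pairs contacted
        "system_restore_tampered": False,
    }
    for line in log_text.splitlines():
        m = RE_SERVICE.search(line)
        if m and int(m.group(2), 16) == SERVICE_DISABLED:
            findings["disabled_services"].append(m.group(1))
            continue
        m = RE_RUNKEY.search(line)
        if m:
            findings["persistence"].append(
                {"key": m.group(1), "value": m.group(2), "path": m.group(3)})
            continue
        m = RE_NET.search(line)
        if m:
            findings["network"].append((m.group(1), int(m.group(2))))
            continue
        m = RE_SECCENTER.search(line)
        if m and m.group(1) in SC_SUPPRESS_KEYS and int(m.group(2), 16) == 1:
            findings["security_center_suppressed"].add(m.group(1))
            continue
        if RE_SYSRESTORE.search(line):
            findings["system_restore_tampered"] = True
    findings["security_center_suppressed"] = sorted(findings["security_center_suppressed"])
    return findings


def fakeav_score(findings):
    """One point per indicator family present; 3 or more is a strong FakeAV signal."""
    score = 0
    score += bool(findings["disabled_services"])
    score += bool(findings["security_center_suppressed"])
    # Droppers of this family run from a GUID-named folder under ProgramData.
    score += any(p["path"].lower().startswith(r"c:\programdata")
                 for p in findings["persistence"])
    score += bool(findings["network"])
    score += bool(findings["system_restore_tampered"])
    return score


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for k, v in result.items():
        print(f"{k}: {v}")
    print("FakeAV score:", fakeav_score(result))
```

The DWORDs are printed by the sandbox as 8 hex digits, so they are parsed with base 16 rather than compared as strings; that also keeps the check correct if another tool prints 0x4 or 4.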