Results of system analysis

AVZ 4.43 http://z-oleg.com/secur/avz/

Process List

Kernel Space Modules Viewer

Services

Drivers

Autoruns

Internet Explorer extension modules (BHOs, Toolbars ...)

Windows Explorer extension modules

Printing system extensions (print monitors, providers)

Task Scheduler jobs

SPI/LSP settings

LSP settings checked. No errors detected

127.0.0.1       activate.adobe.com

127.0.0.1       activate.adobe.com

127.0.0.1       practivate.adobe.com

127.0.0.1       ereg.adobe.com

127.0.0.1       activate.wip3.adobe.com

127.0.0.1       wip3.adobe.com

127.0.0.1       3dns-3.adobe.com

127.0.0.1       3dns-2.adobe.com

127.0.0.1       adobe-dns.adobe.com

127.0.0.1       adobe-dns-2.adobe.com

127.0.0.1       adobe-dns-3.adobe.com

127.0.0.1       ereg.wip3.adobe.com

127.0.0.1       activate-sea.adobe.com

127.0.0.1       wwis-dubc1-vip60.adobe.com

127.0.0.1       activate-sjc0.adobe.com

127.0.0.1       hl2rcv.adobe.com

AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 26.06.2015 19:40:05
Database loaded: signatures - 297605, NN profile(s) - 2, malware removal microprograms - 56, signature database released 26.06.2015 16:00
Heuristic microprograms loaded: 410
PVS microprograms loaded: 9
Digital signatures of system files loaded: 745363
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Home Premium" ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
 Number of processes found: 30
 Number of modules loaded: 292
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Users\Nele\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  Abnormal SCR files association
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 273600, extracted from archives: 218689, malicious software found 0, suspicions - 0
Scanning finished at 26.06.2015 20:13:34
Time of scanning: 00:33:31
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.66,77.88.55.55,5.255.255.5,5.255.255.55", Ping=OK (0,87,77.88.55.66)
  Host="google.ru", IP="208.117.229.152,208.117.229.151,208.117.229.149,208.117.229.155,208.117.229.148,208.117.229.150,208.117.229.154,208.117.229.153", Ping=OK (0,12,208.117.229.152)
  Host="google.com", IP="208.117.229.150,208.117.229.153,208.117.229.149,208.117.229.148,208.117.229.151,208.117.229.154,208.117.229.152,208.117.229.155", Ping=OK (0,9,208.117.229.150)
  Host="www.kaspersky.com", IP="195.27.252.18", Ping=OK (0,40,195.27.252.18)
  Host="www.kaspersky.ru", IP="195.27.252.110", Ping=OK (0,42,195.27.252.110)
  Host="dnl-03.geo.kaspersky.com", IP="85.12.58.13", Ping=OK (0,37,85.12.58.13)
  Host="dnl-11.geo.kaspersky.com", IP="212.73.221.199", Ping=OK (0,48,212.73.221.199)
  Host="activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="217.20.147.94,217.20.155.58,217.20.156.159", Ping=OK (0,85,217.20.147.94)
  Host="vk.com", IP="87.240.131.99,87.240.143.241,87.240.131.117", Ping=OK (0,62,87.240.131.99)
  Host="vkontakte.ru", IP="95.213.4.245,95.213.4.246,95.213.4.247", Ping=OK (0,68,95.213.4.245)
  Host="twitter.com", IP="199.16.156.70,199.16.156.38,199.16.156.230,199.16.156.102", Ping=OK (0,150,199.16.156.70)
  Host="facebook.com", IP="173.252.120.6", Ping=OK (0,166,173.252.120.6)
  Host="ru-ru.facebook.com", IP="31.13.84.8", Ping=OK (0,28,31.13.84.8)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=<local>
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes

 System Analysis - complete


Script commands
 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:
Performance tweaking: disable service TermService (Remote Desktop Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery)
Performance tweaking: disable service Schedule (Task Scheduler)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list