Results of system analysis

LSP settings checked. No errors detected

127.0.0.1       localhost

AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 12/1/2009 1:43:49 PM
Database loaded: signatures - 251910, NN profile(s) - 2, malware removal microprograms - 56, signature database released 01.12.2009 22:57
Heuristic microprograms loaded: 374
PVS microprograms loaded: 9
Digital signatures of system files loaded: 157427
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.0.6001, Service Pack 1 ; AVZ is run with administrator rights
System Restore: enabled
System booted in Safe Mode with Networking
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000035F]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
 Error loading driver - operation interrupted [C000035F]
2. Scanning RAM
 Number of processes found: 20
 Number of modules loaded: 241
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Windows\system32\RlShellExt.dll --> Suspicion for Keylogger or Trojan DLL
C:\Windows\system32\RlShellExt.dll>>> Behaviour analysis 
 Behaviour typical for keyloggers was not detected
File quarantined succesfully (C:\Windows\system32\RlShellExt.dll)
C:\Windows\system32\AM.DLL --> Suspicion for Keylogger or Trojan DLL
C:\Windows\system32\AM.DLL>>> Behaviour analysis 
 Behaviour typical for keyloggers was not detected
File quarantined succesfully (C:\Windows\system32\AM.DLL)
C:\Program Files\Protector Suite QL\farchns.dll --> Suspicion for Keylogger or Trojan DLL
C:\Program Files\Protector Suite QL\farchns.dll>>> Behaviour analysis 
 Behaviour typical for keyloggers was not detected
File quarantined succesfully (C:\Program Files\Protector Suite QL\farchns.dll)
C:\Program Files\Protector Suite QL\infql2.dll --> Suspicion for Keylogger or Trojan DLL
C:\Program Files\Protector Suite QL\infql2.dll>>> Behaviour analysis 
 Behaviour typical for keyloggers was not detected
File quarantined succesfully (C:\Program Files\Protector Suite QL\infql2.dll)
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Latent DLL loading through AppInit_DLLs suspected: "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 404144, extracted from archives: 278795, malicious software found 0, suspicions - 0
Scanning finished at 12/1/2009 2:26:32 PM
Time of scanning: 00:42:44
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress


Script commands
 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
Remove traces of deleted files
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:
Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list