Results of system analysis

AVZ 4.46 http://z-oleg.com/secur/avz/

Process List

Kernel Space Modules Viewer

Services

Drivers

Autoruns

Internet Explorer extension modules (BHOs, Toolbars ...)

Windows Explorer extension modules

Printing system extensions (print monitors, providers)

Task Scheduler jobs

SPI/LSP settings

LSP settings checked. No errors detected

AVZ Antiviral Toolkit log; AVZ version is 4.46
Scanning started at 05.06.2016 14:05:25
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 05.06.2016 04:00
Heuristic microprograms loaded: 408
PVS microprograms loaded: 10
Digital signatures of system files loaded: 802091
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Ultimate", install date 04.06.2016 15:32:45 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
 >>>> Suspicion for process file masking: \\?\f:\andriy\files\uvs_latest\txsxce
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 8
Extended process analysis: 1860 C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 2420 C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 3860 C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 2480 C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 3588 \\?\F:\ANDRIY\FILES\UVS_LATEST\txsxce
[ES]:Program code includes networking-related functionality
[ES]:Loads RASAPI DLL - may use dialing ?
 Number of modules loaded: 415
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
>>> C:\Windows\system32\cpldapu\webbrowserpassview.exe HSC: suspicion for File with suspicious name (CH)
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Службы удаленных рабочих столов)
>> Services: potentially dangerous service allowed: SSDPSRV (Обнаружение SSDP)
>> Services: potentially dangerous service allowed: Schedule (Планировщик заданий)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: anonymous user access is enabled
>>> Security: Internet Explorer allows ActiveX, not marked as safe
>>> Security: block ActiveX, not marked as safe, in Internet Explorer
>>> Security: Internet Explorer allows unsigned ActiveX elements
>>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
>>> Security: Internet Explorer allows running files and applications in IFRAME window without asking user
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  Internet Explorer - ActiveX, not marked as safe, are allowed
 >>  Internet Explorer - signed ActiveX elements are allowed without asking user
 >>  Internet Explorer - unsigned ActiveX elements are allowed
 >>  Internet Explorer - automatic queries of ActiveX operating elements are allowed
 >>  Internet Explorer - running programs and files in IFRAME window is allowed
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
 >>  Dangerous file extensions were detected in the list of trusted types of files
Checking - complete
Files scanned: 424, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 05.06.2016 14:06:41
Time of scanning: 00:01:18
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="google.ru", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="google.com", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="www.kaspersky.com", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="www.kaspersky.ru", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="dnl-03.geo.kaspersky.com", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="dnl-11.geo.kaspersky.com", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="activation-v2.kaspersky.com", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="vk.com", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="vkontakte.ru", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="twitter.com", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="facebook.com", IP="", Ping=Error (11010,0,0.0.0.0)
  Host="ru-ru.facebook.com", IP="", Ping=Error (11010,0,0.0.0.0)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes

 System Analysis - complete


Script commands
 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:
Performance tweaking: disable service TermService (Службы удаленных рабочих столов)
Performance tweaking: disable service SSDPSRV (Обнаружение SSDP)
Performance tweaking: disable service Schedule (Планировщик заданий)
Security tweaking: disable CD autorun
Security tweaking: disable anonymous user access
Security: block ActiveX, not marked as safe, in Internet Explorer
Security: Internet Explorer allows ActiveX, not marked as safe, without asking user
Security: block unsigned ActiveX elements in Internet Explorer
Security: block automatic queries of ActiveX administrative elements in Internet Explorer
Security: block running files and applications in IFRAME window without asking user in Internet Explorer
Security: disable sending Remote Assistant queries
Windows Explorer - show extensions of known file types

File list