AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 11.05.2010 15:32:43
Database loaded: signatures - 272120, NN profile(s) - 2, malware removal microprograms - 56, signature database released 10.05.2010 22:28
Heuristic microprograms loaded: 383
PVS microprograms loaded: 9
Digital signatures of system files loaded: 199563
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=085700)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055C700
KiST = 8050446C (284)
Function NtCreateKey (29) intercepted (806237C8->AB22F83E), hook not defined
Function NtCreateThread (35) intercepted (805D0FD2->AB22F834), hook not defined
Function NtDeleteKey (3F) intercepted (80623C64->AB22F843), hook not defined
Function NtDeleteValueKey (41) intercepted (80623E34->AB22F84D), hook not defined
Function NtLoadKey (62) intercepted (806259EC->AB22F852), hook not defined
Function NtOpenProcess (7A) intercepted (805CB3FA->AB22F820), hook not defined
Function NtOpenThread (80) intercepted (805CB686->AB22F825), hook not defined
Function NtReplaceKey (C1) intercepted (8062589C->AB22F85C), hook not defined
Function NtRestoreKey (CC) intercepted (806251A8->AB22F857), hook not defined
Function NtSetValueKey (F7) intercepted (80621D3A->AB22F848), hook not defined
Function NtTerminateProcess (101) intercepted (805D2982->AB22F82F), hook not defined
Functions checked: 284, intercepted: 11, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Searching for masking processes and drivers - complete
Driver loaded successfully
1.5 Checking IRP handlers
Checking - complete
2. Scanning RAM
Number of processes found: 44
Number of modules loaded: 485
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Dokumente und Einstellungen\Marko\Lokale Einstellungen\temp\~DF3868.tmp
Direct reading: C:\Dokumente und Einstellungen\Marko\Lokale Einstellungen\temp\~DF7AD4.tmp
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to a corporate network, etc.)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistance requests is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 111159, extracted from archives: 70681, malicious software found 0, suspicions - 0
Scanning finished at 11.05.2010 16:22:52
Time of scanning: 00:50:11
If you suspect the presence of viruses or have questions about the suspected objects, you can contact the http://virusinfo.info conference
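Added example, not part of the AVZ log or of the AVZ tool: a small Python triage script for a log like this one. It parses the kernel-mode hook section (the "Function ... intercepted (orig->target), status" lines), cross-checks the per-function count against AVZ's own "Functions checked" summary line, lists the hooks AVZ could not attribute (its "hook not defined" status, i.e. the target did not match its database of known hooking software), and measures how tightly the hook targets cluster. It also groups the ">>" findings by category and ignores the single-">" advisory remark. The sample input is copied from the log above; the function names and the one-page clustering threshold are my own choices.

```python
import re

# Constructed sample input: the kernel-mode hook section and a few of the
# ">>" findings copied from the AVZ 4.32 log above (the real log is longer).
SAMPLE_LOG = """\
KiST = 8050446C (284)
Function NtCreateKey (29) intercepted (806237C8->AB22F83E), hook not defined
Function NtCreateThread (35) intercepted (805D0FD2->AB22F834), hook not defined
Function NtDeleteKey (3F) intercepted (80623C64->AB22F843), hook not defined
Function NtDeleteValueKey (41) intercepted (80623E34->AB22F84D), hook not defined
Function NtLoadKey (62) intercepted (806259EC->AB22F852), hook not defined
Function NtOpenProcess (7A) intercepted (805CB3FA->AB22F820), hook not defined
Function NtOpenThread (80) intercepted (805CB686->AB22F825), hook not defined
Function NtReplaceKey (C1) intercepted (8062589C->AB22F85C), hook not defined
Function NtRestoreKey (CC) intercepted (806251A8->AB22F857), hook not defined
Function NtSetValueKey (F7) intercepted (80621D3A->AB22F848), hook not defined
Function NtTerminateProcess (101) intercepted (805D2982->AB22F82F), hook not defined
Functions checked: 284, intercepted: 11, restored: 0
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
> Services: please bear in mind that the set of services depends on the use of the PC!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
"""

# One SSDT entry: "Function <Nt*> (<hex index>) intercepted (<orig>-><target>), <status>"
HOOK_RE = re.compile(
    r"^Function (?P<name>\w+) \((?P<index>[0-9A-Fa-f]+)\) intercepted "
    r"\((?P<orig>[0-9A-Fa-f]{8})->(?P<target>[0-9A-Fa-f]{8})\), (?P<status>.+)$"
)
SUMMARY_RE = re.compile(r"^Functions checked: (\d+), intercepted: (\d+), restored: (\d+)$")
# Findings are the lines AVZ prefixes with ">>"; the single-">" remark is advice, not a finding.
FINDING_RE = re.compile(r"^>> (?P<category>[^:]+): (?P<text>.+)$")

def parse_hooks(log):
    """Return one dict per intercepted SSDT function, with addresses as ints."""
    hooks = []
    for line in log.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append({
                "name": m["name"],
                "index": int(m["index"], 16),
                "orig": int(m["orig"], 16),
                "target": int(m["target"], 16),
                # AVZ prints "hook not defined" when the target does not match
                # its database of known hooking software.
                "identified": m["status"].strip() != "hook not defined",
            })
    return hooks

def parse_summary(log):
    """Return (checked, intercepted, restored) from AVZ's summary line, or None."""
    for line in log.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            return tuple(int(x) for x in m.groups())
    return None

def parse_findings(log):
    """Group '>>' findings by their category (Services, Security, ...)."""
    findings = {}
    for line in log.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.setdefault(m["category"], []).append(m["text"])
    return findings

def triage(log):
    """Cross-check the hook list against the summary and measure target clustering."""
    hooks = parse_hooks(log)
    summary = parse_summary(log)
    targets = [h["target"] for h in hooks]
    lo, hi = (min(targets), max(targets)) if targets else (0, 0)
    return {
        "hook_count": len(hooks),
        # A mismatch here means the log was truncated or edited.
        "summary_consistent": summary is not None and summary[1] == len(hooks),
        "unidentified": [h["name"] for h in hooks if not h["identified"]],
        "target_lo": lo,
        "target_hi": hi,
        "cluster_span": hi - lo,
        # Targets on one 4 KiB page almost certainly belong to a single module.
        "same_page": bool(targets) and (lo >> 12) == (hi >> 12),
        "findings": parse_findings(log),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['hook_count']} SSDT hooks, summary consistent: {report['summary_consistent']}")
    print(f"targets {report['target_lo']:08X}..{report['target_hi']:08X} "
          f"(span {report['cluster_span']} bytes, same page: {report['same_page']})")
    print("unattributed:", ", ".join(report["unidentified"]))
    for category, items in report["findings"].items():
        print(f"{category}: {len(items)} finding(s)")
```

On this log the eleven targets all lie within 60 bytes of each other (AB22F820..AB22F85C, one page), so they are stubs of a single module, not eleven independent hookers; the useful follow-up is to identify which loaded driver owns that address range rather than to treat each hook separately. The hooked set (process/thread open and terminate plus registry key and value manipulation) is the classic self-protection pattern of security software, but the log alone does not say which product, and AVZ could not attribute it, so that identification has to come from the driver list, not from this output.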