Results of system analysis

AVZ 4.43 http://z-oleg.com/secur/avz/

Process List

Columns: File name, PID, Description, Copyright, MD5, Information, Command line. Empty cells are shown as "-".

File name: c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
PID: 1536
Description: Adobe Acrobat Update Service
Copyright: Copyright © 2011 Adobe Systems Incorporated. All rights reserved.
MD5: B1EA9681502EE57F87DB71D726288A5B
Information: 63.66 kb, rsAh, created: 23.09.2012 21:43:36, modified: 23.09.2012 21:43:36
Command line: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

File name: c:\users\administrator\downloads\avz4\avz4\avz.exe
PID: 2524
Description: (Cyrillic text lost in export)
Copyright: (Cyrillic text lost in export)
MD5: 6497B6E363DCEBA3685AD960F8B84665
Information: 772.00 kb, rsAh, created: 21.05.2014 20:33:59, modified: 23.02.2014 15:04:10
Command line: "C:\Users\Administrator\Downloads\avz4\avz4\avz.exe"

File name: c:\program files (x86)\google\chrome\application\chrome.exe
PID: 2392
Description: Google Chrome
Copyright: Copyright 2012 Google Inc. All rights reserved.
MD5: 345B1798395CEA9C178AFF1784FA2A37
Information: 821.32 kb, rsAh, created: 02.11.2013 18:09:05, modified: 08.05.2014 01:29:35
Command line: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3168.0.562046731\378891689" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,5,14,28 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2372 --ignored=" --type=renderer " /prefetch:822062411

File name: c:\program files (x86)\google\chrome\application\chrome.exe
PID: 3168
Description: Google Chrome
Copyright: Copyright 2012 Google Inc. All rights reserved.
MD5: 345B1798395CEA9C178AFF1784FA2A37
Information: 821.32 kb, rsAh, created: 02.11.2013 18:09:05, modified: 08.05.2014 01:29:35
Command line: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

File name: C:\Windows\System32\conhost.exe
PID: 1296
Description: Console Window Host
Copyright: © Microsoft Corporation. All rights reserved.
MD5: BF95EA5809E3BBF55370F7CB309FEBD0
Information: error getting file info
Command line: -

File name: C:\Windows\System32\conhost.exe
PID: 1968
Description: Console Window Host
Copyright: © Microsoft Corporation. All rights reserved.
MD5: BF95EA5809E3BBF55370F7CB309FEBD0
Information: error getting file info
Command line: -

File name: c:\program files (x86)\mozilla firefox\firefox.exe
PID: 3176
Description: Firefox
Copyright: ©Firefox and Mozilla Developers; available under the MPL 2 license.
MD5: 0DA891CB0703D912CEAFA072F54D002B
Information: 269.11 kb, rsAh, created: 15.05.2014 12:10:09, modified: 15.05.2014 12:10:15
Command line: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

File name: c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
PID: 3924
Description: Local Manageability Service
Copyright: Copyright © 2006-2011, Intel Corporation. All rights reserved.
MD5: 1584DEEAE5AA0E3FB045F3D0EAC585EA
Information: 318.52 kb, rsAh, created: 19.07.2011 21:32:38, modified: 22.02.2011 06:13:46
Command line: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"

File name: C:\Windows\System32\lsass.exe
PID: 676
Description: Local Security Authority Process
Copyright: © Microsoft Corporation. All rights reserved.
MD5: 204F3F58212B3E422C90BD9691A2DF28
Information: error getting file info
Command line: -

File name: c:\program files (x86)\s-bar\msiservice.exe
PID: 1940
Description: MSI SCM Service
Copyright: Copyright (C) Micro-Star International Co., Ltd. All rights reserved.
MD5: 71C6748EE8DE938532057EF10B4B7E44
Information: 157.00 kb, rsAh, created: 24.06.2011 22:52:26, modified: 24.06.2011 22:52:26
Command line: "C:\Program Files (x86)\S-Bar\MSIService.exe"

File name: c:\program files (x86)\postgresql\8.4\bin\pg_ctl.exe
PID: 1468
Description: pg_ctl - starts/stops/restarts the PostgreSQL server
Copyright: Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group. Portions Copyright (c) 1994, Regents of the University of California.
MD5: AFDF4BB9B45EA47BBB06C4BA57DFA1D5
Information: 64.50 kb, rsAh, created: 29.04.2012 17:02:25, modified: 08.09.2009 09:48:55
Command line: "C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe" runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w

File name: c:\windows\syswow64\pnkbstra.exe
PID: 1988
Description: -
Copyright: -
MD5: 205E1B699FD3F2F9B036EEA2EC30C620
Information: 75.09 kb, rsAh, created: 09.03.2012 16:39:22, modified: 10.03.2012 14:41:47
Command line: C:\windows\SysWOW64\PnkBstrA.exe

File name: c:\program files (x86)\postgresql\8.4\bin\postgres.exe
PID: 2632
Description: PostgreSQL Server
Copyright: Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group. Portions Copyright (c) 1994, Regents of the University of California.
MD5: 356D6B7E1932917FC89FD143690A1011
Information: 4408.00 kb, rsAh, created: 29.04.2012 17:02:26, modified: 08.09.2009 09:47:07
Command line: "C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkcol" "900"

File name: c:\program files (x86)\postgresql\8.4\bin\postgres.exe
PID: 1764
Description: PostgreSQL Server
Copyright: Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group. Portions Copyright (c) 1994, Regents of the University of California.
MD5: 356D6B7E1932917FC89FD143690A1011
Information: 4408.00 kb, rsAh, created: 29.04.2012 17:02:26, modified: 08.09.2009 09:47:07
Command line: "C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.4/data"

File name: c:\program files (x86)\postgresql\8.4\bin\postgres.exe
PID: 2608
Description: PostgreSQL Server
Copyright: Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group. Portions Copyright (c) 1994, Regents of the University of California.
MD5: 356D6B7E1932917FC89FD143690A1011
Information: 4408.00 kb, rsAh, created: 29.04.2012 17:02:26, modified: 08.09.2009 09:47:07
Command line: "C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "892" "-x3"

File name: c:\program files (x86)\postgresql\8.4\bin\postgres.exe
PID: 2616
Description: PostgreSQL Server
Copyright: Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group. Portions Copyright (c) 1994, Regents of the University of California.
MD5: 356D6B7E1932917FC89FD143690A1011
Information: 4408.00 kb, rsAh, created: 29.04.2012 17:02:26, modified: 08.09.2009 09:47:07
Command line: "C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "900" "-x4"

File name: c:\program files (x86)\postgresql\8.4\bin\postgres.exe
PID: 2624
Description: PostgreSQL Server
Copyright: Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group. Portions Copyright (c) 1994, Regents of the University of California.
MD5: 356D6B7E1932917FC89FD143690A1011
Information: 4408.00 kb, rsAh, created: 29.04.2012 17:02:26, modified: 08.09.2009 09:47:07
Command line: "C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkavlauncher" "892"

File name: C:\Windows\System32\smss.exe
PID: 324
Description: Windows Session Manager
Copyright: © Microsoft Corporation. All rights reserved.
MD5: F0970A4BC8395659C22BF53D0FADF16F
Information: error getting file info
Command line: -

File name: c:\users\administrator\appdata\roaming\utorrent\utorrent.exe
PID: 2768
Description: µTorrent
Copyright: ©2014 BitTorrent, Inc. All Rights Reserved.
MD5: 60E844AE5920B75399DDBD9F3AE1C7A0
Information: 1242.58 kb, rsAh, created: 21.12.2013 18:29:17, modified: 18.05.2014 11:00:40
Command line: "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

File name: C:\Windows\System32\winlogon.exe
PID: 832
Description: Windows Logon Application
Copyright: © Microsoft Corporation. All rights reserved.
MD5: 88AB9B72B4BF3963A0DE0820B4B0B06C
Information: error getting file info
Command line: -

File name: C:\Windows\System32\wlanext.exe
PID: 1288
Description: Windows Wireless LAN 802.11 Extensibility Framework
Copyright: © Microsoft Corporation. All rights reserved.
MD5: 43FAB56AE5F639AD59D7209693F4C4C2
Information: 75.50 kb, rsAh, created: 14.07.2009 01:51:56, modified: 14.07.2009 03:14:46
Command line: -

Detected: 60, recognized as trusted: 50
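The exported process rows fuse PID, description, copyright, MD5 and size into one cell, which makes the listing hard to triage by hand. The following Python is an example added by the editor (not AVZ's own code and not part of the original report): it re-splits such rows using the 32-hex-digit MD5 as the column anchor, then applies three checks a reviewer would run first over a listing like this one: binaries with no version resource at all, images executing from a user-writable path, and the same image path reporting more than one hash. The sample rows are copied from the listing above; the triage heuristics and the path patterns are the editor's assumptions, not anything AVZ itself reports.

```python
import re
from dataclasses import dataclass

# Constructed sample input: (path, fused cell) pairs copied from the AVZ
# process list above. The fused cell is "PID + Description + Copyright +
# MD5 + Information" exactly as the flattened export shows it.
SAMPLE_ROWS = [
    (r"c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe",
     "1536Adobe Acrobat Update ServiceCopyright © 2011 Adobe Systems Incorporated. "
     "All rights reserved.B1EA9681502EE57F87DB71D726288A5B63.66 kb, rsAh,"),
    (r"c:\program files (x86)\google\chrome\application\chrome.exe",
     "2392Google ChromeCopyright 2012 Google Inc. All rights reserved."
     "345B1798395CEA9C178AFF1784FA2A37821.32 kb, rsAh,"),
    (r"c:\program files (x86)\google\chrome\application\chrome.exe",
     "3168Google ChromeCopyright 2012 Google Inc. All rights reserved."
     "345B1798395CEA9C178AFF1784FA2A37821.32 kb, rsAh,"),
    (r"c:\windows\syswow64\pnkbstra.exe",
     "1988  205E1B699FD3F2F9B036EEA2EC30C62075.09 kb, rsAh,"),
    (r"c:\users\administrator\appdata\roaming\utorrent\utorrent.exe",
     "2768µTorrent©2014 BitTorrent, Inc. All Rights Reserved."
     "60E844AE5920B75399DDBD9F3AE1C7A01242.58 kb, rsAh,"),
    (r"C:\Windows\System32\lsass.exe",
     "676Local Security Authority Process© Microsoft Corporation. All rights reserved."
     "204F3F58212B3E422C90BD9691A2DF28error getting file info"),
]

# PID (leading digits), then the shortest run up to a 32-hex-digit MD5, then
# the rest of the cell (size/attributes or an error message).
ROW_RE = re.compile(r"^(\d+)(.*?)([0-9A-F]{32})(.*)$")
# Earliest token that begins the copyright column inside the middle text.
COPYRIGHT_RE = re.compile(r"Portions Copyright|Copyright|©")


@dataclass
class ProcessEntry:
    path: str
    pid: int
    description: str
    copyright_text: str
    md5: str
    info: str


def parse_row(path, cell):
    """Split one fused AVZ process row into its columns."""
    m = ROW_RE.match(cell)
    if not m:
        raise ValueError("row does not contain a 32-hex MD5: %r" % cell)
    pid, middle, md5, info = m.groups()
    c = COPYRIGHT_RE.search(middle)
    if c:
        description, copyright_text = middle[:c.start()], middle[c.start():]
    else:
        description, copyright_text = middle, ""
    return ProcessEntry(path, int(pid), description.strip(), copyright_text.strip(),
                        md5, info.strip().rstrip(","))


def triage(entries):
    """Return {pid: [reasons]} for entries a reviewer should look at first."""
    findings = {}
    for e in entries:
        reasons = []
        low = e.path.lower()
        if not e.description and not e.copyright_text:
            reasons.append("no version resource (description and copyright empty)")
        # Assumed heuristic: profile, AppData and temp directories are user-writable.
        if low.startswith("c:\\users\\") or "\\appdata\\" in low or "\\temp\\" in low:
            reasons.append("image runs from a user-writable location")
        if "error getting file info" in e.info:
            reasons.append("file info unavailable; re-check the hash from an elevated context")
        if reasons:
            findings[e.pid] = reasons
    return findings


def hash_conflicts(entries):
    """Image paths that were reported with more than one MD5 (same path, different bytes)."""
    seen = {}
    for e in entries:
        seen.setdefault(e.path.lower(), set()).add(e.md5)
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


SAMPLE_ENTRIES = [parse_row(p, c) for p, c in SAMPLE_ROWS]

if __name__ == "__main__":
    for pid, reasons in sorted(triage(SAMPLE_ENTRIES).items()):
        print(pid, "; ".join(reasons))
    print("hash conflicts:", hash_conflicts(SAMPLE_ENTRIES))
```

On the sample rows the triage flags PnkBstrA.exe (no version information), uTorrent.exe (runs from AppData) and lsass.exe (hash could not be read, which on this listing also affects smss.exe, winlogon.exe and conhost.exe and is a permissions issue rather than a finding in itself). The hash-conflict check is empty here because both chrome.exe instances report the same MD5; it would fire if a second instance of the same path carried a different hash.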

Module name | Handle | Description | Copyright | MD5 | Used by processes
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome.dll | 1868890112 | Google Chrome | Copyright 2012 Google Inc. All rights reserved. | DC00835302E7889EEC47DC2794F04FB2 | 3168
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_child.dll | 1835859968 | Google Chrome | Copyright 2012 Google Inc. All rights reserved. | C5A844640F133C58FC8EDB8DE8C5AC2C | 2392
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll | 1923874816 | - | - | 51802BC4C9C9785B2703ACE07B662E22 | 2392, 3168
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll | 1919287296 | ANGLE libEGL Dynamic Link Library | Copyright (C) 2011 Google Inc. | 9C466E0AAAD8152E652D8E1AAD47F4F6 | 2392
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll | 1914699776 | ANGLE libGLESv2 Dynamic Link Library | Copyright (C) 2011 Google Inc. | B175BE75785744EF33296977EDD6E183 | 2392
C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll | 1933705216 | - | License: MPL 2 | 6EEDF7C7209189C6CE0EFE0958C6A85B | 3176
C:\Program Files (x86)\Mozilla Firefox\freebl3.dll | 1916796928 | NSS freebl Library | - | 9055DB4DC34BE6892E6602B25E142D6D | 3176
C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll | 1816068096 | - | License: MPL 2 | 9365C228DF4A979A8A93FA47111EA458 | 3176
C:\Program Files (x86)\Mozilla Firefox\icudt52.dll | 1821310976 | ICU Data DLL | Copyright (C) 2013, International Business Machines Corporation and others. All Rights Reserved. | 62D19DEB04EA4F5130D72D0257067EB0 | 3176
C:\Program Files (x86)\Mozilla Firefox\icuin52.dll | 1929969664 | ICU I18N DLL | Copyright (C) 2013, International Business Machines Corporation and others. All Rights Reserved. | 5B40488571FDA3D134C0FB066D2FEE56 | 3176
C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll | 1928986624 | ICU Common DLL | Copyright (C) 2013, International Business Machines Corporation and others. All Rights Reserved. | 09914BEA36F191FBEA08B093914EF90E | 3176
C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll | 1933770752 | - | License: MPL 2 | C654C82E48082964C2B9296B86ACB146 | 3176
C:\Program Files (x86)\Mozilla Firefox\mozglue.dll | 1933180928 | - | License: MPL 2 | 6EE61E8C16460D93F1CA1CD53F7E1731 | 3176
C:\Program Files (x86)\Mozilla Firefox\mozjs.dll | 1831927808 | - | - | D14310E1A49C84E1BFC8851FE5AA5D13 | 3176
C:\Program Files (x86)\Mozilla Firefox\nss3.dll | 1924202496 | - | License: MPL 2 | 59025CFCEC86FCCE6119C564108A424B | 3176
C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll | 1914241024 | NSS Builtin Trusted Root CAs | - | A7A1877FA8C608B0B3BA5E2AA2CF1F8E | 3176
C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll | 1931608064 | Legacy Database Driver | - | EF3700747FC2A131673F90310C1564EC | 3176
C:\Program Files (x86)\Mozilla Firefox\softokn3.dll | 1922826240 | NSS PKCS #11 Library | - | F1EF5F259C665D04D8909750E8D4134E | 3176
C:\Program Files (x86)\Mozilla Firefox\xul.dll | 1791164416 | - | License: MPL 2 | DB7768B13A9EEF3504EB912C96B39A8C | 3176
C:\Program Files (x86)\S-Bar\MSIWmiAcpi.dll | 268435456 | MSIWmiAcpi Dynamic Link Library | Copyright (C) Micro-Star International Co., Ltd. All rights reserved. | BF99516240783951C995CC6342BD0BBB | 1940
C:\windows\system32\credssp.dll | 1939800064 | Credential Delegation Security Package | © Microsoft Corporation. All rights reserved. | 2A86C18CE6869C77FCEB62F3B47D4D5B | 3168
C:\windows\system32\credui.dll | 1923481600 | Credential Manager User Interface | © Microsoft Corporation. All rights reserved. | E9BB0CD09DA17C71FD1B9954D75AEEF7 | 3168
C:\windows\system32\d2d1.dll | 1775042560 | Microsoft D2D Library | © Microsoft Corporation. All rights reserved. | 14800BD31701A5047AC3145BB1E698AE | 3176
C:\windows\System32\davclnt.dll | 1903427584 | Web DAV Client DLL | © Microsoft Corporation. All rights reserved. | EAF4712B706936C0B10D3B5319B37E81 | 3176
C:\windows\System32\fwpuclnt.dll | 1915420672 | FWP/IPsec User-Mode API | © Microsoft Corporation. All rights reserved. | F0D0E883EBBDC7615DC9EDEA0FFB2817 | 2524, 3168, 3176, 1764, 2768
C:\windows\system32\ieframe.DLL | 1750007808 | Internet Browser | © Microsoft Corporation. All rights reserved. | 2AFBB91BBD2378933B26E6D68C140D1B | 3176
C:\windows\system32\igd10umd32.dll | 1778515968 | LDDM User Mode Driver for Intel(R) Graphics Technology | Copyright (c) 1998-2006 Intel Corporation. | D29439EAB294665DECC257EC256AD21A | 3176
C:\windows\system32\igdumd32.dll | 67567616 | LDDM User Mode Driver for Intel(R) Graphics Technology | Copyright (c) 1998-2006 Intel Corporation. | DE458985A693F2641130B98EAB960E00 | 2392
C:\windows\system32\igdumdx32.dll | 268435456 | LDDM User Mode Driver for Intel(R) Graphics Technology | Copyright (c) 1998-2006 Intel Corporation. | 6E55BB290C808AAB1452DE176E678BCA | 2392
C:\windows\system32\msls31.dll | 1959919616 | Microsoft Line Services library file | Copyright © Microsoft Corp. 1996-1999 | 298FDE634538B62CEEEC266D8773B21A | 3176
C:\windows\system32\ncrypt.dll | 1907490816 | Windows cryptographic library | © Microsoft Corporation. All rights reserved. | AD7FB087A238883D1618F29F7BBBD584 | 3168, 2768
C:\windows\system32\Secur32.dll | 1912471552 | Security Support Provider Interface | © Microsoft Corporation. All rights reserved. | C94CE65AE7701E9FDBA889045543E27C | 2524, 2392, 3168, 3176, 1468, 2632, 1764, 2608, 2616, 2624, 2768
C:\windows\System32\shdocvw.dll | 1933377536 | Shell Doc Object and Control Library | © Microsoft Corporation. All rights reserved. | 2C4A87CA8C00E98EFDCFA2E8EC9A3503 | 3168, 3176
C:\windows\system32\WindowsCodecs.dll | 1898643456 | Microsoft Windows Codecs Library | © Microsoft Corporation. All rights reserved. | A054EA8FBE16D4D34F06D81A4F0088E2 | 2524, 3176, 2768
C:\windows\syswow64\ADVAPI32.dll | 1986461696 | Advanced Windows 32 Base API | © Microsoft Corporation. All rights reserved. | D67472125471784DE7147946EDA25FEB | 1536, 2524, 2392, 3168, 3176, 3924, 1940, 1468, 1988, 2632, 1764, 2608, 2616, 2624, 2768
C:\windows\syswow64\CRYPT32.dll | 1998389248 | Crypto API32 | © Microsoft Corporation. All rights reserved. | CC09E0C9A2D89C6E71D093DC8BD121B7 | 1536, 2524, 2392, 3168, 3176, 3924, 1988, 2768
C:\windows\syswow64\GDI32.dll | 1994850304 | GDI Client DLL | © Microsoft Corporation. All rights reserved. | 56E3313690866F99CD17AA1342F64AE1 | 1536, 2524, 2392, 3168, 3176, 3924, 1940, 1468, 1988, 2632, 1764, 2608, 2616, 2624, 2768
C:\windows\syswow64\iertutil.dll | 1992359936 | Run time utility for Internet Explorer | © Microsoft Corporation. All rights reserved. | 05BD47136DE62FAFE9F95B40E4100144 | 2524, 2392, 3176, 2768
C:\windows\syswow64\kernel32.dll | 1967128576 | Windows NT BASE API Client DLL | © Microsoft Corporation. All rights reserved. | 76161B9D78A275F8F28DD67436013110 | 1536, 2524, 2392, 3168, 3176, 3924, 1940, 1468, 1988, 2632, 1764, 2608, 2616, 2624, 2768
C:\windows\syswow64\KERNELBASE.dll | 1973157888 | Windows NT BASE API Client DLL | © Microsoft Corporation. All rights reserved. | 461B713DE7F353C6447B744F1A049930 | 1536, 2524, 2392, 3168, 3176, 3924, 1940, 1468, 1988, 2632, 1764, 2608, 2616, 2624, 2768
C:\windows\syswow64\LPK.dll | 1986396160 | Language Pack | © Microsoft Corporation. All rights reserved. | CC23295DA8F7B5C53F93804D2F5D30EB | 1536, 2524, 2392, 3168, 3176, 3924, 1940, 1468, 1988, 2632, 1764, 2608, 2616, 2624, 2768
C:\windows\syswow64\RPCRT4.dll | 1995440128 | Remote Procedure Call Runtime | © Microsoft Corporation. All rights reserved. | 4DC999CED9429939D75682EBD7D48901 | 1536, 2524, 2392, 3168, 3176, 3924, 1940, 1468, 1988, 2632, 1764, 2608, 2616, 2624, 2768
C:\windows\syswow64\SHELL32.dll | 1973485568 | Windows Shell Common Dll | © Microsoft Corporation. All rights reserved. | E9D88493FBDB36D4B65C6F2F7F122C95 | 1536, 2524, 2392, 3168, 3176, 1940, 1468, 1988, 2768
C:\windows\syswow64\SspiCli.dll | 1964113920 | Security Support Provider Interface | © Microsoft Corporation. All rights reserved. | 75878492F2B33405EEF900F8C16C6D08 | 1536, 2524, 2392, 3168, 3176, 3924, 1940, 1468, 1988, 2632, 1764, 2608, 2616, 2624, 2768
C:\windows\syswow64\urlmon.dll | 1964507136 | OLE32 Extensions for Win32 | © Microsoft Corporation. All rights reserved. | 76F58DB8F85C125E0D6B3AA42F3BF1D0 | 2524
C:\windows\syswow64\wininet.dll | 1970798592 | Internet Extensions for Win32 | © Microsoft Corporation. All rights reserved. | E4E829EE073E046B0EB19B5FECB19B8C | 2524, 2392, 3176, 2768
Modules found: 194, recognized as trusted: 148

Kernel Space Modules Viewer

Module | Base address | Size in memory (hex, then bytes) | Description | Manufacturer
C:\windows\System32\advapi32.dll | FE5B0000 | 0DB000 (897024) | Advanced Windows 32 Base API | © Microsoft Corporation. All rights reserved.
C:\windows\system32\drivers\afd.sys | 6CEA000 | 089000 (561152) | Ancillary Function Driver for WinSock | © Microsoft Corporation. All rights reserved.
C:\windows\System32\apisetschema.dll | FF830000 | 050000 (327680) | ApiSet Schema DLL | © Microsoft Corporation. All rights reserved.
C:\windows\System32\ATMFD.DLL | 8D0000 | 061000 (397312) | Windows NT OpenType/Type 1 Font Driver | ©1983-1990, 1993-2004 Adobe Systems Inc.
C:\windows\system32\drivers\avgtpx64.sys | 3C59000 | 010000 (65536) | - | Copyright (c) 2012 AVG Technologies
C:\windows\System32\comctl32.dll | FD390000 | 0A0000 (655360) | User Experience Controls Library | © Microsoft Corporation. All rights reserved.
C:\windows\System32\crypt32.dll | FD430000 | 16C000 (1490944) | Crypto API32 | © Microsoft Corporation. All rights reserved.
C:\windows\system32\drivers\drmk.sys | A9AF000 | 022000 (139264) | Microsoft Trusted Audio Drivers | © Microsoft Corporation. All rights reserved.
C:\windows\System32\Drivers\dump_dumpfve.sys | A67B000 | 013000 (77824) | - | -
C:\windows\System32\Drivers\dump_iaStor.sys | 3C69000 | 154000 (1392640) | - | -
C:\windows\System32\gdi32.dll | FE870000 | 067000 (421888) | GDI Client DLL | © Microsoft Corporation. All rights reserved.
C:\windows\system32\DRIVERS\GEARAspiWDM.sys | 8BAF000 | 007000 (28672) | CD DVD Filter | Copyright (C) GEAR Software Inc. 1997-2012
C:\windows\System32\iertutil.dll | FED70000 | 2A9000 (2789376) | Run time utility for Internet Explorer | © Microsoft Corporation. All rights reserved.
C:\windows\system32\DRIVERS\igdkmd64.sys | 7445000 | BAA000 (12230656) | Intel Graphics Kernel Mode Driver | Copyright (c) 1998-2006 Intel Corporation.
C:\windows\System32\imagehlp.dll | FF800000 | 019000 (102400) | Windows NT Image Helper | © Microsoft Corporation. All rights reserved.
C:\windows\System32\kernel32.dll | 772F0000 | 11F000 (1175552) | Windows NT BASE API Client DLL | © Microsoft Corporation. All rights reserved.
C:\windows\System32\KernelBase.dll | FD690000 | 06C000 (442368) | Windows NT BASE API Client DLL | © Microsoft Corporation. All rights reserved.
C:\windows\System32\Drivers\ksecdd.sys | 15A9000 | 01B000 (110592) | Kernel Security Support Provider Interface | © Microsoft Corporation. All rights reserved.
C:\windows\System32\Drivers\ksecpkg.sys | 15C4000 | 02C000 (180224) | Kernel Security Support Provider Interface Packages | © Microsoft Corporation. All rights reserved.
C:\windows\System32\lpk.dll | FD810000 | 00E000 (57344) | Language Pack | © Microsoft Corporation. All rights reserved.
C:\windows\system32\DRIVERS\NETwNs64.sys | 82D6000 | 882000 (8921088) | Intel® Wireless WiFi Link Driver | Copyright © Intel Corporation 2009
C:\windows\System32\Drivers\Ntfs.sys | 1400000 | 1A9000 (1740800) | NT File System Driver | © Microsoft Corporation. All rights reserved.
C:\windows\system32\ntoskrnl.exe | 325F000 | 5E5000 (6180864) | NT Kernel & System | © Microsoft Corporation. All rights reserved.
C:\windows\system32\drivers\nusb3hub.sys | A653000 | 01A000 (106496) | USB 3.0 Hub Driver | (C) 2010-2011 Renesas Electronics Corporation
C:\windows\system32\drivers\nusb3xhc.sys | 2E00000 | 038000 (229376) | USB 3.0 Host Controller Driver | (C) 2010-2011 Renesas Electronics Corporation
C:\windows\System32\Drivers\nvBridge.kmd | FF80000 | 002000 (8192) | NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 269.13 | (C) NVIDIA Corporation. All rights reserved.
C:\windows\system32\DRIVERS\nvlddmkm.sys | F262000 | D1E000 (13754368) | NVIDIA Windows Kernel Mode Driver, Version 295.73 | (C) 2012 NVIDIA Corporation. All rights reserved.
C:\windows\system32\DRIVERS\nvpciflt.sys | 1B48000 | 00A000 (40960) | NVIDIA Windows Kernel Mode Driver, Version 295.73 | (C) 2012 NVIDIA Corporation. All rights reserved.
C:\windows\system32\drivers\portcls.sys | A972000 | 03D000 (249856) | Port Class (Class Driver for Port/Miniport Devices) | © Microsoft Corporation. All rights reserved.
C:\windows\System32\rpcrt4.dll | FF510000 | 12D000 (1232896) | Remote Procedure Call Runtime | © Microsoft Corporation. All rights reserved.
C:\windows\system32\DRIVERS\Rt64win7.sys | FF82000 | 070000 (458752) | Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver | Copyright (C) 2011 Realtek Semiconductor Corporation. All Right Reserved.
C:\windows\system32\drivers\RTKVHD64.sys | A6C9000 | 2A9000 (2789376) | Realtek(r) High Definition Audio Function Driver | Copyright (c) Realtek Semiconductor Corp.1998-2012
C:\windows\System32\Drivers\RtsUVStor.sys | 8D45000 | 04F000 (323584) | Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7 | Copyright (C) Realtek Semiconductor Corp.
C:\windows\System32\shell32.dll | FD820000 | D88000 (14188544) | Windows Shell Common Dll | © Microsoft Corporation. All rights reserved.
C:\windows\System32\smss.exe | 480C0000 | 020000 (131072) | Windows Session Manager | © Microsoft Corporation. All rights reserved.
C:\windows\System32\Drivers\spwm.sys | 1009000 | 126000 (1204224) | - | -
C:\windows\System32\urlmon.dll | FF330000 | 160000 (1441792) | OLE32 Extensions for Win32 | © Microsoft Corporation. All rights reserved.
C:\windows\system32\DRIVERS\vwifimp.sys | BDBD000 | 00A000 (40960) | Virtual WiFi Miniport Driver | © Microsoft Corporation. All rights reserved.
C:\windows\System32\win32k.sys | 080000 | 317000 (3239936) | Multi-User Win32 Driver | © Microsoft Corporation. All rights reserved.
C:\windows\System32\wininet.dll | FE940000 | 22F000 (2289664) | Internet Extensions for Win32 | © Microsoft Corporation. All rights reserved.
C:\windows\System32\wintrust.dll | FD630000 | 03A000 (237568) | Microsoft Trust Verification APIs | © Microsoft Corporation. All rights reserved.
Modules found: 200, recognized as trusted: 159

Services

Service | Description | Status | File | Group | Dependencies
KeyIso | CNG Key Isolation | Running | C:\windows\system32\lsass.exe | - | RpcSs
PnkBstrA | PnkBstrA | Running | C:\windows\system32\PnkBstrA.exe | - | -
SamSs | Security Accounts Manager | Running | C:\windows\system32\lsass.exe | MS_WindowsLocalValidation | RPCSS
AdobeFlashPlayerUpdateSvc | Adobe Flash Player Update Service | Not started | C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe | - | -
ALG | Application Layer Gateway Service | Not started | C:\windows\System32\alg.exe | - | -
EFS | Encrypting File System (EFS) | Not started | C:\windows\System32\lsass.exe | - | RPCSS
Fax | Fax | Not started | C:\windows\system32\fxssvc.exe | - | TapiSrv
idsvc | Windows CardSpace | Not started | C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe | - | -
IEEtwCollectorService | Internet Explorer ETW Collector Service | Not started | C:\windows\system32\IEEtwCollector.exe | - | -
MozillaMaintenance | Mozilla Maintenance Service | Not started | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | - | -
MSDTC | Distributed Transaction Coordinator | Not started | C:\windows\System32\msdtc.exe | - | RPCSS
msiserver | Windows Installer | Not started | C:\windows\system32\msiexec.exe | - | rpcss
MyWiFiDHCPDNS | Wireless PAN DHCP Server | Not started | C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe | - | RPCSS
Netlogon | Netlogon | Not started | C:\windows\system32\lsass.exe | MS_WindowsRemoteValidation | LanmanWorkstation
ProtectedStorage | Protected Storage | Not started | C:\windows\system32\lsass.exe | - | RpcSs
RpcLocator | Remote Procedure Call (RPC) Locator | Not started | C:\windows\system32\locator.exe | - | -
SNMPTRAP | SNMP Trap | Not started | C:\windows\System32\snmptrap.exe | - | -
UI0Detect | Interactive Services Detection | Not started | C:\windows\system32\UI0Detect.exe | - | -
VaultSvc | Credential Manager | Not started | C:\windows\system32\lsass.exe | - | rpcss
vds | Virtual Disk | Not started | C:\windows\System32\vds.exe | - | RpcSs
VSS | Volume Shadow Copy | Not started | C:\windows\system32\vssvc.exe | - | RPCSS
wbengine | Block Level Backup Engine Service | Not started | C:\windows\system32\wbengine.exe | - | -
wmiApSrv | WMI Performance Adapter | Not started | C:\windows\system32\wbem\WmiApSrv.exe | - | -
Detected: 176, recognized as trusted: 153

Drivers

Driver | Description | Status | File | Group | Dependencies
AFD | Ancillary Function Driver for Winsock | Running | C:\windows\system32\drivers\afd.sys | PNP_TDI | -
avgtp | avgtp | Running | C:\windows\system32\drivers\avgtpx64.sys | Base | -
GEARAspiWDM | GEAR ASPI Filter Driver | Running | C:\windows\system32\DRIVERS\GEARAspiWDM.sys | PnP Filter | -
igfx | igfx | Running | C:\windows\system32\DRIVERS\igdkmd64.sys | Video | -
IntcAzAudAddService | Service for Realtek HD Audio (WDM) | Running | C:\windows\system32\drivers\RTKVHD64.sys | - | -
KSecDD | KSecDD | Running | C:\windows\System32\Drivers\ksecdd.sys | Base | -
KSecPkg | KSecPkg | Running | C:\windows\System32\Drivers\ksecpkg.sys | Cryptography | -
NETwNs64 | ___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit | Running | C:\windows\system32\DRIVERS\NETwNs64.sys | NDIS | -
Ntfs | Ntfs | Running | Ntfs.sys | Boot File System | -
nusb3hub | Renesas Electronics USB 3.0 Hub Driver | Running | C:\windows\system32\drivers\nusb3hub.sys | Base | -
nusb3xhc | Renesas Electronics USB 3.0 Host Controller Driver | Running | C:\windows\system32\drivers\nusb3xhc.sys | Base | -
RSUSBVSTOR | RtsUVStor.Sys Realtek USB Card Reader | Running | C:\windows\System32\Drivers\RtsUVStor.sys | Base | -
RTL8167 | Realtek 8167 NT Driver | Running | C:\windows\system32\DRIVERS\Rt64win7.sys | NDIS | -
sptd | sptd | Running | C:\windows\System32\Drivers\sptd.sys | Boot Bus Extender | -
vwifimp | Microsoft Virtual WiFi Miniport Service | Running | C:\windows\system32\DRIVERS\vwifimp.sys | NDIS | -
nv_agp | NVIDIA nForce AGP Bus Filter | Not started | C:\windows\system32\drivers\nv_agp.sys | PnP Filter | -
nvlddmkm | nvlddmkm | Running | C:\windows\system32\DRIVERS\nvlddmkm.sys | Video | -
nvpciflt | nvpciflt | Running | C:\windows\system32\DRIVERS\nvpciflt.sys | - | -
AcpiPmi | ACPI Power Meter Driver | Not started | C:\windows\system32\drivers\acpipmi.sys | - | -
adp94xx | adp94xx | Not started | C:\windows\system32\drivers\adp94xx.sys | SCSI Miniport | -
adpahci | adpahci | Not started | C:\windows\system32\drivers\adpahci.sys | SCSI Miniport | -
adpu320 | adpu320 | Not started | C:\windows\system32\drivers\adpu320.sys | SCSI Miniport | -
aliide | aliide | Not started | C:\windows\system32\drivers\aliide.sys | System Bus Extender | -
amdide | amdide | Not started | C:\windows\system32\drivers\amdide.sys | System Bus Extender | -
AmdK8 | AMD K8 Processor Driver | Not started | C:\windows\system32\drivers\amdk8.sys | Extended Base | -
AMPPAL | Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter | Not started | C:\windows\system32\DRIVERS\AMPPAL.sys | Extended Base | -
AppID
AppID DriverNot startedC:\windows\system32\drivers\appid.sys
Script: Quarantine, Delete, Delete via BC
 FltMgr
arc
Driver: Unload, Delete, Disable, Delete via BC
arcNot startedC:\windows\system32\drivers\arc.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
athr
Driver: Unload, Delete, Disable, Delete via BC
Atheros Extensible Wireless LAN device driverNot startedC:\windows\system32\DRIVERS\athrx.sys
Script: Quarantine, Delete, Delete via BC
NDIS 
b06bdrv
Driver: Unload, Delete, Disable, Delete via BC
Broadcom NetXtreme II VBDNot startedC:\windows\system32\drivers\bxvbda.sys
Script: Quarantine, Delete, Delete via BC
base 
b57nd60a
Driver: Unload, Delete, Disable, Delete via BC
Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0Not startedC:\windows\system32\DRIVERS\b57nd60a.sys
Script: Quarantine, Delete, Delete via BC
NDIS 
BrFiltLo
Driver: Unload, Delete, Disable, Delete via BC
Brother USB Mass-Storage Lower Filter DriverNot startedC:\windows\system32\drivers\BrFiltLo.sys
Script: Quarantine, Delete, Delete via BC
extended base 
BrFiltUp
Driver: Unload, Delete, Disable, Delete via BC
Brother USB Mass-Storage Upper Filter DriverNot startedC:\windows\system32\drivers\BrFiltUp.sys
Script: Quarantine, Delete, Delete via BC
extended base 
BridgeMP
Driver: Unload, Delete, Disable, Delete via BC
MAC Bridge MiniportNot startedC:\windows\system32\DRIVERS\bridge.sys
Script: Quarantine, Delete, Delete via BC
PNP_TDI 
Brserid
Driver: Unload, Delete, Disable, Delete via BC
Brother MFC Serial Port Interface Driver (WDM)Not startedC:\windows\System32\Drivers\Brserid.sys
Script: Quarantine, Delete, Delete via BC
  
BrSerWdm
Driver: Unload, Delete, Disable, Delete via BC
Brother WDM Serial driverNot startedC:\windows\System32\Drivers\BrSerWdm.sys
Script: Quarantine, Delete, Delete via BC
  
BrUsbMdm
Driver: Unload, Delete, Disable, Delete via BC
Brother MFC USB Fax Only ModemNot startedC:\windows\System32\Drivers\BrUsbMdm.sys
Script: Quarantine, Delete, Delete via BC
  
BrUsbSer
Driver: Unload, Delete, Disable, Delete via BC
Brother MFC USB Serial WDM DriverNot startedC:\windows\System32\Drivers\BrUsbSer.sys
Script: Quarantine, Delete, Delete via BC
  
BTHMODEM
Driver: Unload, Delete, Disable, Delete via BC
Bluetooth Serial Communications DriverNot startedC:\windows\system32\drivers\bthmodem.sys
Script: Quarantine, Delete, Delete via BC
  
BTHPORT
Driver: Unload, Delete, Disable, Delete via BC
Bluetooth Port DriverNot startedC:\windows\System32\Drivers\BTHport.sys
Script: Quarantine, Delete, Delete via BC
PNP Filter 
btmaux
Driver: Unload, Delete, Disable, Delete via BC
Intel Bluetooth Auxiliary ServiceNot startedC:\windows\system32\DRIVERS\btmaux.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
btmhsf
Driver: Unload, Delete, Disable, Delete via BC
btmhsfNot startedC:\windows\system32\DRIVERS\btmhsf.sys
Script: Quarantine, Delete, Delete via BC
PNP Filter 
catchme
Driver: Unload, Delete, Disable, Delete via BC
catchmeNot startedC:\ComboFix\catchme.sys
Script: Quarantine, Delete, Delete via BC
Base 
cmdide
Driver: Unload, Delete, Disable, Delete via BC
cmdideNot startedC:\windows\system32\drivers\cmdide.sys
Script: Quarantine, Delete, Delete via BC
System Bus Extender 
crcdisk
Driver: Unload, Delete, Disable, Delete via BC
Crcdisk Filter DriverNot startedC:\windows\system32\drivers\crcdisk.sys
Script: Quarantine, Delete, Delete via BC
Pnp Filter 
dot4
Driver: Unload, Delete, Disable, Delete via BC
MS IEEE-1284.4 DriverNot startedC:\windows\system32\DRIVERS\Dot4.sys
Script: Quarantine, Delete, Delete via BC
  
Dot4Print
Driver: Unload, Delete, Disable, Delete via BC
Print Class Driver for IEEE-1284.4Not startedC:\windows\system32\DRIVERS\Dot4Prt.sys
Script: Quarantine, Delete, Delete via BC
  
dot4usb
Driver: Unload, Delete, Disable, Delete via BC
Dot4USB Filter Dot4USB FilterNot startedC:\windows\system32\DRIVERS\dot4usb.sys
Script: Quarantine, Delete, Delete via BC
extended base 
drmkaud
Driver: Unload, Delete, Disable, Delete via BC
Microsoft Trusted Audio DriversNot startedC:\windows\system32\drivers\drmkaud.sys
Script: Quarantine, Delete, Delete via BC
  
ebdrv
Driver: Unload, Delete, Disable, Delete via BC
Broadcom NetXtreme II 10 GigE VBDNot startedC:\windows\system32\drivers\evbda.sys
Script: Quarantine, Delete, Delete via BC
base 
exfat
Driver: Unload, Delete, Disable, Delete via BC
exFAT File System DriverNot startedexfat.sys
Script: Quarantine, Delete, Delete via BC
Boot File System 
Filetrace
Driver: Unload, Delete, Disable, Delete via BC
FiletraceNot startedC:\windows\system32\drivers\filetrace.sys
Script: Quarantine, Delete, Delete via BC
FSFilter Activity MonitorFltMgr
FsDepends
Driver: Unload, Delete, Disable, Delete via BC
File System Dependency MinifilterNot startedC:\windows\system32\drivers\FsDepends.sys
Script: Quarantine, Delete, Delete via BC
Filterfltmgr
gagp30kx
Driver: Unload, Delete, Disable, Delete via BC
Microsoft Generic AGPv3.0 Filter for K8 Processor PlatformsNot startedC:\windows\system32\drivers\gagp30kx.sys
Script: Quarantine, Delete, Delete via BC
PnP Filter 
hcw85cir
Driver: Unload, Delete, Disable, Delete via BC
Hauppauge Consumer Infrared ReceiverNot startedC:\windows\system32\drivers\hcw85cir.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
HidBatt
Driver: Unload, Delete, Disable, Delete via BC
HID UPS Battery DriverNot startedC:\windows\system32\drivers\HidBatt.sys
Script: Quarantine, Delete, Delete via BC
  
HidBth
Driver: Unload, Delete, Disable, Delete via BC
Microsoft Bluetooth HID MiniportNot startedC:\windows\system32\drivers\hidbth.sys
Script: Quarantine, Delete, Delete via BC
extended base 
HpSAMD
Driver: Unload, Delete, Disable, Delete via BC
HpSAMDNot startedC:\windows\system32\drivers\HpSAMD.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
iBtFltCoex
Driver: Unload, Delete, Disable, Delete via BC
iBtFltCoexNot startedC:\windows\system32\DRIVERS\iBtFltCoex.sys
Script: Quarantine, Delete, Delete via BC
PNP Filter 
iirsp
Driver: Unload, Delete, Disable, Delete via BC
iirspNot startedC:\windows\system32\drivers\iirsp.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
intelide
Driver: Unload, Delete, Disable, Delete via BC
intelideNot startedC:\windows\system32\drivers\intelide.sys
Script: Quarantine, Delete, Delete via BC
System Bus Extender 
IpFilterDriver
Driver: Unload, Delete, Disable, Delete via BC
IP Traffic Filter DriverNot startedC:\windows\system32\DRIVERS\ipfltdrv.sys
Script: Quarantine, Delete, Delete via BC
 Tcpip
IPMIDRV
Driver: Unload, Delete, Disable, Delete via BC
IPMIDRVNot startedC:\windows\system32\drivers\IPMIDrv.sys
Script: Quarantine, Delete, Delete via BC
  
IPNAT
Driver: Unload, Delete, Disable, Delete via BC
IP Network Address TranslatorNot startedC:\windows\system32\drivers\ipnat.sys
Script: Quarantine, Delete, Delete via BC
 Tcpip
IRENUM
Driver: Unload, Delete, Disable, Delete via BC
IR Bus EnumeratorNot startedC:\windows\system32\drivers\irenum.sys
Script: Quarantine, Delete, Delete via BC
  
iScsiPrt
Driver: Unload, Delete, Disable, Delete via BC
iScsiPort DriverNot startedC:\windows\system32\drivers\msiscsi.sys
Script: Quarantine, Delete, Delete via BC
  
LGBusEnum
Driver: Unload, Delete, Disable, Delete via BC
Logitech GamePanel Virtual Bus Enumerator DriverNot startedC:\windows\system32\drivers\LGBusEnum.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
LGSHidFilt
Driver: Unload, Delete, Disable, Delete via BC
Logitech Gaming KMDF HID Filter DriverNot startedC:\windows\system32\DRIVERS\LGSHidFilt.Sys
Script: Quarantine, Delete, Delete via BC
Pointer Port 
LGVirHid
Driver: Unload, Delete, Disable, Delete via BC
Logitech Gamepanel Virtual HID Device DriverNot startedC:\windows\system32\drivers\LGVirHid.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
LSI_FC
Driver: Unload, Delete, Disable, Delete via BC
LSI_FCNot startedC:\windows\system32\drivers\lsi_fc.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
LSI_SAS
Driver: Unload, Delete, Disable, Delete via BC
LSI_SASNot startedC:\windows\system32\drivers\lsi_sas.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
LSI_SAS2
Driver: Unload, Delete, Disable, Delete via BC
LSI_SAS2Not startedC:\windows\system32\drivers\lsi_sas2.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
LSI_SCSI
Driver: Unload, Delete, Disable, Delete via BC
LSI_SCSINot startedC:\windows\system32\drivers\lsi_scsi.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
megasas
Driver: Unload, Delete, Disable, Delete via BC
megasasNot startedC:\windows\system32\drivers\megasas.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
MRxDAV
Driver: Unload, Delete, Disable, Delete via BC
WebDav Client Redirector DriverNot startedC:\windows\system32\drivers\mrxdav.sys
Script: Quarantine, Delete, Delete via BC
 rdbss
mshidkmdf
Driver: Unload, Delete, Disable, Delete via BC
Pass-through HID to KMDF Filter DriverNot startedC:\windows\System32\drivers\mshidkmdf.sys
Script: Quarantine, Delete, Delete via BC
Base 
MSKSSRV
Driver: Unload, Delete, Disable, Delete via BC
Microsoft Streaming Service ProxyNot startedC:\windows\system32\drivers\MSKSSRV.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
MSPCLOCK
Driver: Unload, Delete, Disable, Delete via BC
Microsoft Streaming Clock ProxyNot startedC:\windows\system32\drivers\MSPCLOCK.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
MSPQM
Driver: Unload, Delete, Disable, Delete via BC
Microsoft Streaming Quality Manager ProxyNot startedC:\windows\system32\drivers\MSPQM.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
MSTEE
Driver: Unload, Delete, Disable, Delete via BC
Microsoft Streaming Tee/Sink-to-Sink ConverterNot startedC:\windows\system32\drivers\MSTEE.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
NdisCap
Driver: Unload, Delete, Disable, Delete via BC
NDIS Capture LightWeight FilterNot startedC:\windows\system32\DRIVERS\ndiscap.sys
Script: Quarantine, Delete, Delete via BC
NDIS 
nfrd960
Driver: Unload, Delete, Disable, Delete via BC
nfrd960Not startedC:\windows\system32\drivers\nfrd960.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
nvraid
Driver: Unload, Delete, Disable, Delete via BC
nvraidNot startedC:\windows\system32\drivers\nvraid.sys
Script: Quarantine, Delete, Delete via BC
System Bus Extender 
pcmcia
Driver: Unload, Delete, Disable, Delete via BC
pcmciaNot startedC:\windows\system32\drivers\pcmcia.sys
Script: Quarantine, Delete, Delete via BC
System Bus Extender 
Processor
Driver: Unload, Delete, Disable, Delete via BC
Processor DriverNot startedC:\windows\system32\drivers\processr.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
ql40xx
Driver: Unload, Delete, Disable, Delete via BC
ql40xxNot startedC:\windows\system32\drivers\ql40xx.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
QWAVEdrv
Driver: Unload, Delete, Disable, Delete via BC
QWAVE driverNot startedC:\windows\system32\drivers\qwavedrv.sys
Script: Quarantine, Delete, Delete via BC
  
RasAcd
Driver: Unload, Delete, Disable, Delete via BC
Remote Access Auto Connection DriverNot startedC:\windows\system32\DRIVERS\rasacd.sys
Script: Quarantine, Delete, Delete via BC
Streams Drivers 
RDPWD
Driver: Unload, Delete, Disable, Delete via BC
RDP Winstation DriverNot startedRDPWD.sys
Script: Quarantine, Delete, Delete via BC
  
sffdisk
Driver: Unload, Delete, Disable, Delete via BC
SFF Storage Class DriverNot startedC:\windows\system32\drivers\sffdisk.sys
Script: Quarantine, Delete, Delete via BC
  
sffp_mmc
Driver: Unload, Delete, Disable, Delete via BC
SFF Storage Protocol Driver for MMCNot startedC:\windows\system32\drivers\sffp_mmc.sys
Script: Quarantine, Delete, Delete via BC
  
sfloppy
Driver: Unload, Delete, Disable, Delete via BC
High-Capacity Floppy Disk DriveNot startedC:\windows\system32\drivers\sfloppy.sys
Script: Quarantine, Delete, Delete via BC
  
SiSRaid4
Driver: Unload, Delete, Disable, Delete via BC
SiSRaid4Not startedC:\windows\system32\drivers\sisraid4.sys
Script: Quarantine, Delete, Delete via BC
SCSI Miniport 
Smb
Driver: Unload, Delete, Disable, Delete via BC
Protokol TCP/IP orientovaný na správy a protokol TCP/IPv6 (relácia SMB)Not startedC:\windows\system32\DRIVERS\smb.sys
Script: Quarantine, Delete, Delete via BC
PNP_TDITcpip
TsUsbFlt
Driver: Unload, Delete, Disable, Delete via BC
TsUsbFltNot startedC:\windows\system32\drivers\tsusbflt.sys
Script: Quarantine, Delete, Delete via BC
base 
TsUsbGD
Driver: Unload, Delete, Disable, Delete via BC
Remote Desktop Generic USB DeviceNot startedC:\windows\system32\drivers\TsUsbGD.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
uliagpkx
Driver: Unload, Delete, Disable, Delete via BC
Uli AGP Bus FilterNot startedC:\windows\system32\drivers\uliagpkx.sys
Script: Quarantine, Delete, Delete via BC
PnP Filter 
UmPass
Driver: Unload, Delete, Disable, Delete via BC
Microsoft UMPass DriverNot startedC:\windows\system32\drivers\umpass.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
USBAAPL64
Driver: Unload, Delete, Disable, Delete via BC
Apple Mobile USB DriverNot startedC:\windows\system32\Drivers\usbaapl64.sys
Script: Quarantine, Delete, Delete via BC
Base 
usbcir
Driver: Unload, Delete, Disable, Delete via BC
eHome Infrared Receiver (USBCIR)Not startedC:\windows\system32\drivers\usbcir.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
usbscan
Driver: Unload, Delete, Disable, Delete via BC
USB Scanner DriverNot startedC:\windows\system32\DRIVERS\usbscan.sys
Script: Quarantine, Delete, Delete via BC
Base 
usbser
Driver: Unload, Delete, Disable, Delete via BC
Sony Ericsson USB Serial PortNot startedC:\windows\system32\DRIVERS\usbser.sys
Script: Quarantine, Delete, Delete via BC
Base 
vga
Driver: Unload, Delete, Disable, Delete via BC
vgaNot startedC:\windows\system32\DRIVERS\vgapnp.sys
Script: Quarantine, Delete, Delete via BC
Video 
viaide
Driver: Unload, Delete, Disable, Delete via BC
viaideNot startedC:\windows\system32\drivers\viaide.sys
Script: Quarantine, Delete, Delete via BC
System Bus Extender 
WacomPen
Driver: Unload, Delete, Disable, Delete via BC
Wacom Serial Pen HID DriverNot startedC:\windows\system32\drivers\wacompen.sys
Script: Quarantine, Delete, Delete via BC
Extended Base 
WIMMount
Driver: Unload, Delete, Disable, Delete via BC
WIMMountNot startedC:\windows\system32\drivers\wimmount.sys
Script: Quarantine, Delete, Delete via BC
FSFilter Infrastructure 
Detected - 267, recognized as trusted - 161

Autoruns

| File name | Status | Startup method | Description |
|---|---|---|---|
| C:\PROGRA~2\MICROS~1\Office12\1051\MAPIR.DLL | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Outlook, EventMessageFile |
| C:\Program Files (x86)\Ardaco\QSign Common\SimpleExt.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {5E2121EE-0300-11D4-8D3B-444553540000} |
| C:\Program Files (x86)\Ardaco\QSign\EventMessage.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\QSign Integrity, EventMessageFile |
| C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft | -- | Registry key | HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aimersoft Helper Compact.exe, command |
| C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile |
| C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | Active | Shortcut in Startup folder | C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk, |
| C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe | Active | Shortcut in Startup folder | C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk, |
| C:\Program Files\Windows Defender\mpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinDefend\Parameters, ServiceDll |
| C:\Program Files\Wireshark\wireshark.exe | Active | Shortcut in Startup folder | C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk, |
| C:\Program Files\Zoner\Photo Studio 14\Program32\Zps.exe | Active | Shortcut in Startup folder | C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 14.lnk, |
| C:\Program Files\Zoner\Photo Studio 14\Program64\Zps.exe | Active | Shortcut in Startup folder | C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 14 x64.lnk, |
| C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk | Active | File in Startup folder | C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk, |
| C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spotify, EventMessageFile |
| C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe | Active | Registry key | HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, uTorrent |
| C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\ASP.NET\2.0.50727.0, DllFullPath |
| C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 2.0.50727.0, EventMessageFile |
| C:\Windows\System32\mctadmin.exe | Active | Registry key | HKEY_USERS, S-1-5-21-649568267-640355484-1299417552-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin |
| C:\Windows\System32\webcheck.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {08165EA0-E946-11CF-9C87-00AA005127ED} |
| C:\Windows\System32\webcheck.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F5175861-2688-11d0-9C5E-00AA00A45957} |
| C:\Windows\System32\webcheck.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7D559C10-9FE9-11d0-93F7-00AA0059CE02} |
| C:\Windows\System32\webcheck.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} |
| C:\Windows\System32\webcheck.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} |
| C:\Windows\system32\iologmsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Mup, EventMessageFile |
| C:\bc181c2b59d8bb2df376fe70e5\DW\DW20.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile |
| C:\windows\SysWOW64\AiCM64.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {1AACB93E-AA97-47F1-BD02-8D2AF2815436} |
| C:\windows\System32\Audiosrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll |
| C:\windows\System32\Audiosrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters, ServiceDll |
| C:\windows\System32\AxInstSV.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll |
| C:\windows\System32\AxInstSv.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile |
| C:\windows\System32\DFDTS.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile |
| C:\windows\System32\DispCI.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile |
| C:\windows\System32\Drivers\BthUsb.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile |
| C:\windows\System32\Drivers\Bthport.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT, EventMessageFile |
| C:\windows\System32\Drivers\Bthport.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile |
| C:\windows\System32\Drivers\NETwNs64.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\NETwNs64, EventMessageFile |
| C:\windows\System32\Drivers\Pcmcia.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile |
| C:\windows\System32\Drivers\VolSnap.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile |
| C:\windows\System32\Drivers\acpi.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile |
| C:\windows\System32\Drivers\hidbth.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\adp94xx, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\adpahci, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\adpu320, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdsata, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdsbs, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdxata, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\arc, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\arcsas, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\atapi, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\beep, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cdrom, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\disk, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\elxstor, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\exFAT, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HpSAMD, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStor, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iirsp, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSI_FC, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSI_SAS, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSI_SAS2, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSI_SCSI, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\megasas, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MegaSR, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nfrd960, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\partmgr, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile |
| C:\windows\System32\IoLogMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ql2300, EventMessageFile |
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ql40xx, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SiSRaid2, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SiSRaid4, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sptd, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\stexstor, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vga, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\volmgr, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vsmraid, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\windows\System32\IoLogMsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WMIxWDM, EventMessageFile
C:\windows\System32\MsSpellCheckingFacility.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spell-Checking, EventMessageFile
C:\windows\System32\MsSpellCheckingFacility.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SpellChecker, EventMessageFile
C:\windows\System32\MsSpellCheckingFacility.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Spell-Checking, EventMessageFile
C:\windows\System32\MsSpellCheckingFacility.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SpellChecker, EventMessageFile
C:\windows\System32\RpcEpMap.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll
Delete
C:\windows\System32\SCardSvr.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll
Delete
C:\windows\System32\SDRSVC.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters, ServiceDll
Delete
C:\windows\System32\TabSvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll
Delete
C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}, DLLName
Delete
C:\windows\System32\UI0Detect.exe
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\windows\System32\VSSVC.EXE
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS, EventMessageFile
C:\windows\System32\VSSVC.EXE
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\windows\System32\WUDFHost.exe
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath
Delete
C:\windows\System32\WUDFSvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll
Delete
C:\windows\System32\WerSvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WerSvc\Parameters, ServiceDll
Delete
C:\windows\System32\aelupsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll
Delete
C:\windows\System32\aelupsvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
C:\windows\System32\appidsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll
Delete
C:\windows\System32\appinfo.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll
Delete
C:\windows\System32\bdesvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BDESVC\Parameters, ServiceDll
Delete
C:\windows\System32\bfe.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll
Delete
C:\windows\System32\browser.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll
Delete
C:\windows\System32\certprop.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll
Delete
C:\windows\System32\certprop.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll
Delete
C:\windows\System32\crypt32.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CAPI2, EventMessageFile
C:\windows\System32\davclnt.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WebClient\NetworkProvider, ProviderPath
Delete
C:\windows\System32\defragsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\defragsvc\Parameters, ServiceDll
Delete
C:\windows\System32\dnsrslvr.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll
Delete
C:\windows\System32\dot3svc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll
Delete
C:\windows\System32\drivers\HECIx64.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MEIx64, EventMessageFile
C:\windows\System32\drivers\MTConfig.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
C:\windows\System32\drivers\Rt64win7.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RTL8167, EventMessageFile
C:\windows\System32\drivers\Wdf01000.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
C:\windows\System32\drivers\amdk8.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
C:\windows\System32\drivers\amdppm.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
C:\windows\System32\drivers\b57nd60a.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b57nd60a, EventMessageFile
C:\windows\System32\drivers\bxvbda.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\windows\System32\drivers\evbda.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\windows\System32\drivers\fltmgr.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\windows\System32\drivers\i8042prt.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
C:\windows\System32\drivers\iaStor.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStor, EventMessageFile
C:\windows\System32\drivers\iaStorV.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
C:\windows\System32\drivers\intelppm.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
C:\windows\System32\drivers\ipmidrv.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\windows\System32\drivers\isapnp.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
C:\windows\System32\drivers\kbdclass.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
C:\windows\System32\drivers\kbdhid.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
C:\windows\System32\drivers\mouclass.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
C:\windows\System32\drivers\mouhid.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
C:\windows\System32\drivers\mpio.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio, EventMessageFile
C:\windows\System32\drivers\nvstor.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
C:\windows\System32\drivers\parport.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
C:\windows\System32\drivers\processr.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
C:\windows\System32\drivers\sbp2port.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\windows\System32\drivers\serial.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\windows\System32\drivers\sermouse.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\windows\System32\drivers\tsusbflt.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt, EventMessageFile
C:\windows\System32\drivers\vgapnp.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vga, EventMessageFile
C:\windows\System32\drivers\wacompen.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\windows\System32\drivers\wd.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile
C:\windows\System32\eapsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EapHost\Parameters, ServiceDll
Delete
C:\windows\System32\gpsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll
Delete
C:\windows\System32\ikeext.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll
Delete
C:\windows\System32\iologmsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\windows\System32\iologmsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\windows\System32\iologmsg.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBIOS, EventMessageFile
C:\windows\System32\iphlpsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll
Delete
C:\windows\System32\ipnathlp.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll
Delete
C:\windows\System32\ipsecsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll
Delete
C:\windows\System32\iscsiexe.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\windows\System32\iscsilog.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\windows\System32\kerberos.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Kerberos, EventMessageFile
C:\windows\System32\lltdsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll
Delete
C:\windows\System32\lmhsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll
Delete
C:\windows\System32\lsasrv.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\windows\System32\lsasrv.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\windows\System32\mdsched.exe
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\windows\System32\netman.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll
Delete
C:\windows\System32\nlasvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll
Delete
C:\windows\System32\ntvdm64.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wow64 Emulation Layer, EventMessageFile
C:\windows\System32\pcasvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll
Delete
C:\windows\System32\profsvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\windows\System32\profsvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\windows\System32\qmgr.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll
Delete
C:\windows\System32\rasauto.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll
Delete
C:\windows\System32\rasmans.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll
Delete
C:\windows\System32\relpost.exe
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\windows\System32\samsrv.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\windows\System32\samsrv.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\windows\System32\shdocvw.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00C6D95F-329C-409a-81D7-C46C66EA7F33}
Delete
C:\windows\System32\snmptrap.exe
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\windows\System32\srvsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll
Delete
C:\windows\System32\ssdpsrv.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll
Delete
C:\windows\System32\sstpsvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
C:\windows\System32\swprv.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll
Delete
C:\windows\System32\tbssvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TBS\Parameters, ServiceDll
Delete
C:\windows\System32\tcpmon.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\windows\System32\termsrv.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll
Delete
C:\windows\System32\trkwks.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll
Delete
C:\windows\System32\umpnpmgr.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile
C:\windows\System32\umpo.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\windows\System32\uxsms.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UxSms\Parameters, ServiceDll
Delete
C:\windows\System32\vds.exe
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service, EventMessageFile
C:\windows\System32\wbiosrvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll
Delete
C:\windows\System32\webclnt.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WebClient\Parameters, ServiceDll
Delete
C:\windows\System32\wecsvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc, EventMessageFile
C:\windows\System32\wer.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Error, EventMessageFile
C:\windows\System32\wer.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Error Reporting, EventMessageFile
C:\windows\System32\wercplsupport.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll
Delete
C:\windows\System32\wersvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\windows\System32\wersvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc, EventMessageFile
C:\windows\System32\wevtsvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\windows\System32\wevtsvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\windows\System32\wiaservc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll
Delete
C:\windows\System32\wiaservc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\windows\System32\win32k.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\windows\System32\win32k.sys
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k, EventMessageFile
C:\windows\System32\winlogon.exe
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\windows\System32\winlogon.exe
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\windows\System32\wkssvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll
Delete
C:\windows\System32\wlansvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters, ServiceDll
Delete
C:\windows\System32\wscsvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll
Delete
C:\windows\System32\wscsvc.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\windows\System32\wwansvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll
Delete
C:\windows\system32\BlbEvents.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\windows\system32\FntCache.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll
Delete
C:\windows\system32\ListSvc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll
Delete
C:\windows\system32\Mcx2Svc.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Mcx2Svc\Parameters, ServiceDll
Delete
C:\windows\system32\Secur32.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Lsa\Performance, Library
Delete
C:\windows\system32\SecureStoreCsp.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Cryptography\Defaults\Provider\SecureStoreCSP, Image Path
Delete
C:\windows\system32\THXCfg64.dll
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, THXCfg64
Delete
C:\windows\system32\WINSAT.EXE
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
C:\windows\system32\WUDFPlatform.dll
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
C:\windows\system32\Wat\WatUX.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies, EventMessageFile
C:\windows\system32\advapi32.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies, EventMessageFile
C:\windows\system32\advapi32.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Boot, EventMessageFile
C:\windows\system32\advapi32.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-General, EventMessageFile
C:\windows\system32\advapi32.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-PnP, EventMessageFile
C:\windows\system32\bthserv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll
C:\windows\system32\certprop.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
C:\windows\system32\cofiredm.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
C:\windows\system32\cofiredm.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
C:\windows\system32\credssp.dll | -- | Registry key | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\SecurityProviders, SecurityProviders
C:\windows\system32\csrsrv.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
C:\windows\system32\defragsvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag, EventMessageFile
C:\windows\system32\dfdts.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
C:\windows\system32\dimsroam.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificateServicesClient-CredentialRoaming, EventMessageFile
C:\windows\system32\dps.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DPS\Parameters, ServiceDll
C:\windows\system32\drivers\HTTP.SYS | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
C:\windows\system32\drivers\fltmgr.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
C:\windows\system32\drivers\fvevol.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
C:\windows\system32\drivers\ntfs.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
C:\windows\system32\drivers\nusb3hub.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nusb3hub, EventMessageFile
C:\windows\system32\drivers\nusb3xhc.sys | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nusb3xhc, EventMessageFile
C:\windows\system32\dwm.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
C:\windows\system32\eapsvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
C:\windows\system32\fdPHost.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll
C:\windows\system32\fdphost.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
C:\windows\system32\fdrespub.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll
C:\windows\system32\fdrespub.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
C:\windows\system32\fveapi.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile
C:\windows\system32\fxsevent.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\windows\system32\gpsvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
C:\windows\system32\ieframe.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application-Addon-Event-Provider, EventMessageFile
C:\windows\system32\iologmsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mrxsmb, EventMessageFile
C:\windows\system32\iologmsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nusb3hub, EventMessageFile
C:\windows\system32\iologmsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nusb3xhc, EventMessageFile
C:\windows\system32\ipbusenum.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IPBusEnum\Parameters, ServiceDll
C:\windows\system32\ipbusenum.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IPBusEnum, EventMessageFile
C:\windows\system32\iphlpsvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
C:\windows\system32\iscsiexe.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll
C:\windows\system32\kerberos.dll | -- | ? | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
C:\windows\system32\kmsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\hkmsvc\Parameters, ServiceDll
C:\windows\system32\lpksetup.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
C:\windows\system32\lsm.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM, EventMessageFile
C:\windows\system32\lsm.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
C:\windows\system32\microsoft-windows-hal-events.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
C:\windows\system32\microsoft-windows-kernel-power-events.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
C:\windows\system32\microsoft-windows-kernel-processor-power-events.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
C:\windows\system32\mmcss.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MMCSS\Parameters, ServiceDll
C:\windows\system32\mmcss.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\THREADORDER\Parameters, ServiceDll
C:\windows\system32\mpssvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll
C:\windows\system32\mpssvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
C:\windows\system32\msdtckrm.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll
C:\windows\system32\msv1_0.dll | -- | ? | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Authentication Packages
C:\windows\system32\msv1_0.dll | -- | ? | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
C:\windows\system32\nsisvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll
C:\windows\system32\nv3dappshext.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C}
C:\windows\system32\nv3dappshext.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E97DEC16-A50D-49bb-AE24-CF682282E08D}
C:\windows\system32\nvshext.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
C:\windows\system32\oobe\winsetup.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
C:\windows\system32\p2psvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2psvc\Parameters, ServiceDll
C:\windows\system32\pnrpauto.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters, ServiceDll
C:\windows\system32\pnrpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters, ServiceDll
C:\windows\system32\pnrpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll
C:\windows\system32\profsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll
C:\windows\system32\psxss.exe | -- | Registry key | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\windows\system32\qagentRT.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\napagent\Parameters, ServiceDll
C:\windows\system32\qmgr.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\windows\system32\recovery.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Recovery, EventMessageFile
C:\windows\system32\regsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll
C:\windows\system32\rpcrt4.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-RPC-Events, EventMessageFile
C:\windows\system32\rpcss.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll
C:\windows\system32\rpcss.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll
C:\windows\system32\schannel.dll | -- | ? | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
C:\windows\system32\schedsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll
C:\windows\system32\schedsvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\windows\system32\sdclt.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath,
C:\windows\system32\sdengin2.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup, EventMessageFile
C:\windows\system32\seclogon.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll
C:\windows\system32\sensrsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll
C:\windows\system32\services.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\windows\system32\sppsvc.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\windows\system32\sppsvc.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\windows\system32\sppuinotify.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\sppuinotify\Parameters, ServiceDll
C:\windows\system32\srcore.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore, EventMessageFile
C:\windows\system32\sstpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll
C:\windows\system32\sstpsvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp, EventMessageFile
C:\windows\system32\sysmain.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll
C:\windows\system32\sysmain.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library
C:\windows\system32\tbssvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TBS, EventMessageFile
C:\windows\system32\termsrv.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\windows\system32\termsrv.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService, EventMessageFile
C:\windows\system32\themeservice.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll
C:\windows\system32\tspkg.dll | -- | ? | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
C:\windows\system32\umpnpmgr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll
C:\windows\system32\umpnpmgr.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\windows\system32\umpo.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll
C:\windows\system32\w32time.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll
C:\windows\system32\w32time.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\windows\system32\w32time.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\windows\system32\w32time.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName
C:\windows\system32\w32time.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName
C:\windows\system32\wbem\WMIsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll
C:\windows\system32\wdigest.dll | -- | ? | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
C:\windows\system32\webcheck.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, WebCheck
C:\windows\system32\webcheck.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
C:\windows\system32\wecsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll
C:\windows\system32\wecsvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\windows\system32\wecsvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\windows\system32\wecsvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\windows\system32\wininet.dll | Active | Registry key | HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Internet Settings, AutoConfigProxy
C:\windows\system32\wininet.dll | Active | Registry key | HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings, AutoConfigProxy
C:\windows\system32\wininet.dll | Active | Registry key | HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings, AutoConfigProxy
C:\windows\system32\wininet.dll | Active | Registry key | HKEY_USERS, S-1-5-21-649568267-640355484-1299417552-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings, AutoConfigProxy
C:\windows\system32\winlogon.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\windows\system32\winsrv.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\windows\system32\wlansvc.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\windows\system32\wpdbusenum.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll
C:\windows\system32\wsepno.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification, EventMessageFile
C:\windows\system32\wuaueng.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll
C:\windows\system32\wuaueng.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
Compact\ASHelper.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aimersoft Helper Compact.exe, command
Defender\MpEvMsg.dll | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
Maker\DVDMaker.exe | -- | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
auditcse.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName
frapsv64.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, VIDC.FPS1
igfxdev.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName
Autoruns items found - 689, recognized as trusted - 331

Internet Explorer extension modules (BHOs, Toolbars ...)

File name | Type | Description | Manufacturer | CLSID
C:\Windows\SysWOW64\ieframe.dll | URLSearchHook | Internet Browser | © Microsoft Corporation. All rights reserved. | {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
C:\Program Files (x86)\Internet Explorer\iedvtool.dll | Explorer Bar | Internet Explorer F12 Developer Tools | © Microsoft Corporation. All rights reserved. | {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1}
Items found - 3, recognized as trusted - 1

Windows Explorer extension modules

File name | Destination | Description | Manufacturer | CLSID
Items found - 1, recognized as trusted - 1

Printing system extensions (print monitors, providers)

File name | Type | Name | Description | Manufacturer
AdobePDF.dll | Monitor | Adobe PDF Port Monitor | |
CNHF1LM.DLL | Monitor | BJ Fax Language Monitor1 | |
CNBLM4.DLL | Monitor | BJ Language Monitor4 | |
CNMLMAA.DLL | Monitor | Canon BJ Language Monitor MP280 series | |
localspl.dll | Monitor | Local Port | |
FXSMON.DLL | Monitor | Microsoft Shared Fax Monitor | |
tcpmon.dll | Monitor | Standard TCP/IP Port | |
usbmon.dll | Monitor | USB Monitor | |
WSDMon.dll | Monitor | WSD Port | |
inetpp.dll | Provider | HTTP Print Services | |
Items found - 11, recognized as trusted - 1

Task Scheduler jobs

File name | Job name | Job state | Description | Manufacturer | Path | Command line
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe | Adobe Flash Player Updater | | Adobe® Flash® Player Update Service 13.0 r0 | Copyright © 1996 Adobe Systems Incorporated | C:\windows\system32\Tasks\ | C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
aitagent | AitAgent | | | | C:\windows\system32\Tasks\Microsoft\Windows\Application Experience\ | aitagent
C:\windows\system32\aepdu.dll | Microsoft Compatibility Appraiser | | Program Compatibility Data Updater | © Microsoft Corporation. All rights reserved. | C:\windows\system32\Tasks\Microsoft\Windows\Application Experience\ | %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
C:\windows\system32\aepdu.dll | ProgramDataUpdater | | Program Compatibility Data Updater | © Microsoft Corporation. All rights reserved. | C:\windows\system32\Tasks\Microsoft\Windows\Application Experience\ | %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\windows\ehome\mcupdate | mcupdate | | | | C:\windows\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\mcupdate $(Arg0)
C:\windows\ehome\ehrec | RecordingRestart | | | | C:\windows\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehrec /RestartRecording
C:\windows\ehome\ehrec | StartRecording | | | | C:\windows\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehrec /StartRecording
C:\windows\System32\lpksetup.exe | Lpksetup | | Language Pack Installer | © Microsoft Corporation. All rights reserved. | C:\windows\system32\Tasks\Microsoft\Windows\MUI\ | C:\windows\System32\lpksetup.exe -v
C:\windows\system32\gatherNetworkInfo.vbs | GatherNetworkInfo | | | | C:\windows\system32\Tasks\Microsoft\Windows\NetTrace\ | %windir%\system32\gatherNetworkInfo.vbs
C:\Users\Administrator\Desktop\subtitleworkshop251\SubtitleWorkshop251.exe | {2EAC48BC-FABB-4144-AA52-768392C1F88D} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a C:\Users\Administrator\Desktop\subtitleworkshop251\SubtitleWorkshop251.exe -d C:\Users\Administrator\Desktop\subtitleworkshop251
C:\Users\Administrator\Desktop\subtitleworkshop251 | {2EAC48BC-FABB-4144-AA52-768392C1F88D} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a C:\Users\Administrator\Desktop\subtitleworkshop251\SubtitleWorkshop251.exe -d C:\Users\Administrator\Desktop\subtitleworkshop251
E:\setup.exe | {43823B59-A1A3-4B34-A501-F39EF59C0BD8} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a E:\setup.exe -d E:\
C:\Users\Administrator\Desktop\PokerStoveSetup124.exe | {49F82BD7-D353-4408-B4C3-8299873F9592} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a C:\Users\Administrator\Desktop\PokerStoveSetup124.exe -d C:\Users\Administrator\Desktop
C:\Users\Administrator\AppData\Local\Microsoft\GFWLive\Downloads\4d530fa3e0000001\Content\VCR\install.exe | {7C5FD945-5299-45CF-8868-922F01D1A3A7} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a C:\Users\Administrator\AppData\Local\Microsoft\GFWLive\Downloads\4d530fa3e0000001\Content\VCR\install.exe -d C:\Users\Administrator\AppData\Local\Microsoft\GFWLive\Downloads\4d530fa3e0000001\Content\VCR\ -c /q
C:\Users\Administrator\AppData\Local\Microsoft\GFWLive\Downloads\4d530fa3e0000001\Content\VCR\ | {7C5FD945-5299-45CF-8868-922F01D1A3A7} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a C:\Users\Administrator\AppData\Local\Microsoft\GFWLive\Downloads\4d530fa3e0000001\Content\VCR\install.exe -d C:\Users\Administrator\AppData\Local\Microsoft\GFWLive\Downloads\4d530fa3e0000001\Content\VCR\ -c /q
E:\MP3set4_13\Setup.exe | {849DBE49-62E6-4B14-9C67-BE8230510F20} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a E:\MP3set4_13\Setup.exe -d E:\MP3set4_13
E:\MP3set4_13 | {849DBE49-62E6-4B14-9C67-BE8230510F20} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a E:\MP3set4_13\Setup.exe -d E:\MP3set4_13
c:\program files (x86)\google\chrome\application\chrome.exe | {8E78A38B-C310-4980-85FC-384FA9848BCE} | | Google Chrome | Copyright 2012 Google Inc. All rights reserved. | C:\windows\system32\Tasks\ | "c:\program files (x86)\google\chrome\application\chrome.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=-3
G:\INSTALL.EXE | {977FDC60-A303-4C00-91E7-5A0919733DA6} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a G:\INSTALL.EXE -d G:\
C:\Program Files (x86)\Bohemia Interactive\ArmA 2\ARMA2_OA_Build_93160\ARMA2_OA_Build_93160.exe | {D37B3976-547C-411F-A09A-714F82A5BFEF} | | 7z Setup SFX | Copyright (c) 1999-2010 Igor Pavlov | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\Bohemia Interactive\ArmA 2\ARMA2_OA_Build_93160\ARMA2_OA_Build_93160.exe" -d "C:\Program Files (x86)\Bohemia Interactive\ArmA 2\ARMA2_OA_Build_93160"
C:\Program Files (x86)\Bohemia Interactive\ArmA 2\ARMA2_OA_Build_93160 | {D37B3976-547C-411F-A09A-714F82A5BFEF} | | | | C:\windows\system32\Tasks\ | C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\Bohemia Interactive\ArmA 2\ARMA2_OA_Build_93160\ARMA2_OA_Build_93160.exe" -d "C:\Program Files (x86)\Bohemia Interactive\ArmA 2\ARMA2_OA_Build_93160"
c:\program files (x86)\opera\opera.exe | {F1DC5B5B-A5BC-4A20-BE9A-944D59044CBC} | | Opera Internet Browser | Copyright © Opera Software 1995-2014 | C:\windows\system32\Tasks\ | "c:\program files (x86)\opera\opera.exe" http://ui.skype.com/ui/0/5.8.0.158.259/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Items found - 86, recognized as trusted - 64

SPI/LSP settings

Namespace providers (NSP)
Manufacturer | Status | EXE file | Description | GUID
Detected - 10, recognized as trusted - 10
Transport protocol providers (TSP, LSP)
Manufacturer | EXE file | Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port | Status | Remote host | Remote port | Application | Notes
TCP ports
139 | LISTENING | 0.0.0.0 | 0 | [4] System.exe
445 | LISTENING | 0.0.0.0 | 0 | [4] System.exe
5354 | LISTENING | 0.0.0.0 | 0 | [1804] mDNSResponder.exe
10000 | LISTENING | 0.0.0.0 | 0 | [2768] c:\users\administrator\appdata\roaming\utorrent\utorrent.exe
21819 | LISTENING | 0.0.0.0 | 0 | [2768] c:\users\administrator\appdata\roaming\utorrent\utorrent.exe
49156 | LISTENING | 0.0.0.0 | 0 | [676] lsass.exe
49212 | LISTENING | 0.0.0.0 | 0 | [660] services.exe
49238 | ESTABLISHED | 173.194.70.188 | 5228 | [3168] c:\program files (x86)\google\chrome\application\chrome.exe
49260 | ESTABLISHED | 127.0.0.1 | 49261 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
49261 | ESTABLISHED | 127.0.0.1 | 49260 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
51061 | ESTABLISHED | 91.235.52.20 | 80 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
60647 | ESTABLISHED | 173.194.113.104 | 80 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
61637 | ESTABLISHED | 173.194.113.104 | 80 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
62022 | ESTABLISHED | 91.235.53.22 | 80 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
62260 | TIME_WAIT | 91.235.52.11 | 80 | [0]
62274 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62275 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62276 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62277 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62278 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62279 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62280 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62281 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62282 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62283 | TIME_WAIT | 91.235.53.24 | 80 | [0]
62284 | ESTABLISHED | 91.235.53.24 | 80 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
62336 | TIME_WAIT | 91.235.52.11 | 80 | [0]
63394 | TIME_WAIT | 91.235.52.11 | 80 | [0]
64241 | ESTABLISHED | 91.235.52.11 | 80 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64260 | ESTABLISHED | 91.235.53.24 | 80 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64269 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64270 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64271 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64272 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64273 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64274 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64275 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64276 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64277 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64278 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64279 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64280 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64281 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64282 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64283 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64284 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64285 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64286 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64287 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64288 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
64289 | SYN_SENT | 127.0.0.1 | 26143 | [3176] c:\program files (x86)\mozilla firefox\firefox.exe
UDP ports
137 | LISTENING | - | - | [4] System.exe
138 | LISTENING | - | - | [4] System.exe
1900 | LISTENING | - | - | [2768] c:\users\administrator\appdata\roaming\utorrent\utorrent.exe
5353 | LISTENING | - | - | [1804] mDNSResponder.exe
21819 | LISTENING | - | - | [2768] c:\users\administrator\appdata\roaming\utorrent\utorrent.exe
49152 | LISTENING | - | - | [1804] mDNSResponder.exe
53422 | LISTENING | - | - | [2768] c:\users\administrator\appdata\roaming\utorrent\utorrent.exe
53423 | LISTENING | - | - | [2768] c:\users\administrator\appdata\roaming\utorrent\utorrent.exe
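The rows of this table come out of AVZ's HTML report with the remote host and remote port run together (for example "173.194.70.1885228", which is 173.194.70.188 on port 5228), so anything that scripts over such a report has to recover the column boundary before it can triage the sockets. The following is an added example, not part of this report and not AVZ's code: it parses a handful of rows copied from the table above, enumerates every syntactically valid host/port split, resolves the split with a small preferred-port tie-breaker, and flags listeners whose image lives in a user-writable directory. The PREFERRED_PORTS set and the USER_WRITABLE path list are this example's own assumptions.

```python
"""Parse and triage the flattened TCP/UDP port table of an AVZ report.

Added example: not part of the original report and not AVZ code. SAMPLE_ROWS
are copied from the table above; PREFERRED_PORTS and USER_WRITABLE are this
example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Flattened AVZ rows: local port, state, remote host+port run together, "[pid] image".
SAMPLE_ROWS = """\
139LISTENING0.0.0.00[4] System.exe
10000LISTENING0.0.0.00[2768] c:\\users\\administrator\\appdata\\roaming\\utorrent\\utorrent.exe
49238ESTABLISHED173.194.70.1885228[3168] c:\\program files (x86)\\google\\chrome\\application\\chrome.exe
60647ESTABLISHED173.194.113.10480[3176] c:\\program files (x86)\\mozilla firefox\\firefox.exe
62274TIME_WAIT91.235.53.2480[0]
64269SYN_SENT127.0.0.126143[3176] c:\\program files (x86)\\mozilla firefox\\firefox.exe
1900LISTENING----[2768] c:\\users\\administrator\\appdata\\roaming\\utorrent\\utorrent.exe
"""

ROW_RE = re.compile(
    r"^(?P<port>\d+)(?P<state>LISTENING|ESTABLISHED|TIME_WAIT|SYN_SENT|CLOSE_WAIT)"
    r"(?P<remote>[^\[]+)\[(?P<pid>\d+)\]\s*(?P<image>.*)$"
)
# Tie-breaker for a remote field with several valid splits (assumption: the
# ports that dominate this report - HTTP, HTTPS and Google's 5228 push channel).
PREFERRED_PORTS = {80, 443, 5228}
# A listener whose image sits under one of these was put there by a user, not
# by an installer running as SYSTEM, and deserves a look (assumption).
USER_WRITABLE = re.compile(r"\\(appdata|downloads|temp|programdata)\\", re.I)


@dataclass
class Socket:
    local_port: int
    state: str
    remote: Optional[tuple]  # (host, port); None when absent or ambiguous
    candidates: list         # every syntactically valid reading of the remote field
    pid: int
    image: str


def _valid_octet(o: str) -> bool:
    return o.isdigit() and int(o) <= 255 and (o == "0" or not o.startswith("0"))


def _valid_port(p: str) -> bool:
    return p.isdigit() and int(p) <= 65535 and (p == "0" or not p.startswith("0"))


def split_host_port(field: str) -> list:
    """All valid (host, port) readings of a run-together "a.b.c.dPPPP" field."""
    m = re.fullmatch(r"(\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d+)", field)
    if not m or not all(_valid_octet(o) for o in m.group(1).split(".")):
        return []  # "----" (UDP rows) or something that is not an IPv4 endpoint
    tail, out = m.group(2), []
    for cut in range(1, min(3, len(tail) - 1) + 1):  # last octet is 1-3 digits
        octet, port = tail[:cut], tail[cut:]
        if _valid_octet(octet) and _valid_port(port):
            out.append((f"{m.group(1)}.{octet}", int(port)))
    return out


def resolve(candidates: list) -> Optional[tuple]:
    """The only reading, or the only one on a preferred port; otherwise None."""
    if len(candidates) == 1:
        return candidates[0]
    hits = [c for c in candidates if c[1] in PREFERRED_PORTS]
    return hits[0] if len(hits) == 1 else None


def parse_rows(text: str) -> list:
    socks = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cands = split_host_port(m["remote"])
            socks.append(Socket(int(m["port"]), m["state"], resolve(cands), cands,
                                int(m["pid"]), m["image"].strip()))
    return socks


def triage(socks: list) -> dict:
    """Map "localport/STATE" to the reasons a human should look at that row."""
    findings = {}
    for s in socks:
        notes = []
        if s.state == "LISTENING" and USER_WRITABLE.search(s.image):
            notes.append("listener runs from a user-writable path: " + s.image)
        if s.candidates and s.remote is None:
            notes.append("remote endpoint ambiguous, candidates: %r" % (s.candidates,))
        if notes:
            findings[f"{s.local_port}/{s.state}"] = notes
    return findings


if __name__ == "__main__":
    for key, notes in triage(parse_rows(SAMPLE_ROWS)).items():
        print(key, "->", "; ".join(notes))
```

Run against the sample rows it reports the two uTorrent listeners under AppData and leaves the loopback SYN_SENT row ambiguous, because 127.0.0.1:26143, 127.0.0.12:6143 and 127.0.0.126:143 are all syntactically valid readings of "127.0.0.126143"; the table above uses the first, which is consistent with the 49260/49261 loopback pair AVZ reports, but on the live host it should be confirmed with netstat -ano rather than inferred from the report.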
 

Downloaded Program Files (DPF)

File name | Description | Manufacturer | CLSID | Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name | Description | Manufacturer
C:\windows\system32\FlashPlayerCPLApp.cpl | Adobe Flash Player Control Panel Applet | Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
C:\windows\system32\inetcpl.cpl | Internet Control Panel | © Microsoft Corporation. All rights reserved.
Items found - 19, recognized as trusted - 17

Active Setup

File name | Description | Manufacturer | CLSID
Items found - 0, recognized as trusted - 0

HOSTS file

Hosts file record
127.0.0.1       localhost

Protocols and handlers

File name | Type | Description | Manufacturer | CLSID
mscoree.dll | Protocol | Microsoft .NET Runtime Execution Engine () | © Microsoft Corporation. All rights reserved. | {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll | Protocol | Microsoft .NET Runtime Execution Engine () | © Microsoft Corporation. All rights reserved. | {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll | Protocol | Microsoft .NET Runtime Execution Engine () | © Microsoft Corporation. All rights reserved. | {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\Windows\SysWOW64\urlmon.dll | Handler | OLE32 Extensions for Win32 (CDL: Asychronous Pluggable Protocol Handler) | © Microsoft Corporation. All rights reserved. | {3dd53d40-7b8b-11D0-b013-00aa0059ce02}
C:\Windows\SysWOW64\urlmon.dll | Handler | OLE32 Extensions for Win32 (file:, local: Asychronous Pluggable Protocol Handler) | © Microsoft Corporation. All rights reserved. | {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
C:\Windows\SysWOW64\urlmon.dll | Handler | OLE32 Extensions for Win32 (ftp: Asychronous Pluggable Protocol Handler) | © Microsoft Corporation. All rights reserved. | {79eac9e3-baf9-11ce-8c82-00aa004ba90b}
C:\Windows\SysWOW64\urlmon.dll | Handler | OLE32 Extensions for Win32 (http: Asychronous Pluggable Protocol Handler) | © Microsoft Corporation. All rights reserved. | {79eac9e2-baf9-11ce-8c82-00aa004ba90b}
C:\Windows\SysWOW64\urlmon.dll | Handler | OLE32 Extensions for Win32 (https: Asychronous Pluggable Protocol Handler) | © Microsoft Corporation. All rights reserved. | {79eac9e5-baf9-11ce-8c82-00aa004ba90b}
C:\Windows\SysWOW64\mshtml.dll | Handler | Microsoft (R) HTML Viewer () | © Microsoft Corporation. All rights reserved. | {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
C:\Windows\SysWOW64\urlmon.dll | Handler | OLE32 Extensions for Win32 (file:, local: Asychronous Pluggable Protocol Handler) | © Microsoft Corporation. All rights reserved. | {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
C:\Windows\SysWOW64\mshtml.dll | Handler | Microsoft (R) HTML Viewer () | © Microsoft Corporation. All rights reserved. | {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
C:\Windows\SysWOW64\urlmon.dll | Handler | OLE32 Extensions for Win32 (mk: Asychronous Pluggable Protocol Handler) | © Microsoft Corporation. All rights reserved. | {79eac9e6-baf9-11ce-8c82-00aa004ba90b}
C:\Windows\SysWOW64\mshtml.dll | Handler | Microsoft (R) HTML Viewer () | © Microsoft Corporation. All rights reserved. | {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
Items found - 21, recognized as trusted - 8

Shared resources

Network name | Path | Notes
ADMIN$ | C:\windows | Remote Admin
C$ | C:\ | Default share
D$ | D:\ | Default share
G$ | G:\ | Default share
IPC$ |  | Remote IPC
network_install | C:\Users\Administrator\Documents\network_install |
Users | C:\Users |

Suspicious objects

File | Description | Type
C:\windows\syswow64\KERNELBASE.dll | Suspicion for Keylogger | Suspicion for Keylogger or Trojan DLL
C:\windows\syswow64\SspiCli.dll | Suspicion for Keylogger | Suspicion for Keylogger or Trojan DLL
C:\windows\syswow64\LPK.dll | Suspicion for Keylogger | Suspicion for Keylogger or Trojan DLL
C:\windows\syswow64\iertutil.dll | Suspicion for Keylogger | Suspicion for Keylogger or Trojan DLL
C:\windows\system32\WindowsCodecs.dll | Suspicion for Keylogger | Suspicion for Keylogger or Trojan DLL
C:\windows\system32\Secur32.dll | Suspicion for Keylogger | Suspicion for Keylogger (danger: DLL has a system name, but is not located in a system folder)
C:\windows\System32\fwpuclnt.dll | Suspicion for Keylogger | Suspicion for Keylogger or Trojan DLL


AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 21.05.2014 20:38:28
Database loaded: signatures - 297612, NN profile(s) - 2, malware removal microprograms - 56, signature database released 21.05.2014 16:00
Heuristic microprograms loaded: 405
PVS microprograms loaded: 9
Digital signatures of system files loaded: 660730
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "" ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
 Number of processes found: 16
 Number of modules loaded: 194
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\windows\syswow64\KERNELBASE.dll --> Suspicion for Keylogger or Trojan DLL
C:\windows\syswow64\KERNELBASE.dll>>> Behaviour analysis 
 Behaviour typical for keyloggers was not detected
File quarantined successfully (C:\windows\syswow64\KERNELBASE.dll)
C:\windows\syswow64\SspiCli.dll --> Suspicion for Keylogger or Trojan DLL
C:\windows\syswow64\SspiCli.dll>>> Behaviour analysis
 Behaviour typical for keyloggers was not detected
File quarantined successfully (C:\windows\syswow64\SspiCli.dll)
C:\windows\syswow64\LPK.dll --> Suspicion for Keylogger or Trojan DLL
C:\windows\syswow64\LPK.dll>>> Behaviour analysis
 Behaviour typical for keyloggers was not detected
File quarantined successfully (C:\windows\syswow64\LPK.dll)
C:\windows\syswow64\iertutil.dll --> Suspicion for Keylogger or Trojan DLL
C:\windows\syswow64\iertutil.dll>>> Behaviour analysis
 Behaviour typical for keyloggers was not detected
File quarantined successfully (C:\windows\syswow64\iertutil.dll)
C:\windows\system32\WindowsCodecs.dll --> Suspicion for Keylogger or Trojan DLL
C:\windows\system32\WindowsCodecs.dll>>> Behaviour analysis
 Behaviour typical for keyloggers was not detected
File quarantined successfully (C:\windows\system32\WindowsCodecs.dll)
File quarantined successfully (C:\windows\system32\WindowsCodecs.dll)
C:\windows\system32\Secur32.dll --> Suspicion for Keylogger (danger: DLL has a system name, but is not located in a system folder)
C:\windows\system32\Secur32.dll>>> Behaviour analysis
 Behaviour typical for keyloggers was not detected
File quarantined successfully (C:\windows\system32\Secur32.dll)
File quarantined successfully (C:\windows\system32\Secur32.dll)
C:\windows\System32\fwpuclnt.dll --> Suspicion for Keylogger or Trojan DLL
C:\windows\System32\fwpuclnt.dll>>> Behaviour analysis
 Behaviour typical for keyloggers was not detected
File quarantined successfully (C:\windows\System32\fwpuclnt.dll)
File quarantined successfully (C:\windows\System32\fwpuclnt.dll)
Note: Do NOT delete suspicious files; send them for analysis (see the FAQ for details), because many legitimate DLLs also install hooks
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  Protocol prefixes are modified
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
 >>  Folders display settings menu is corrupt
Checking - complete
Files scanned: 142925, extracted from archives: 92492, malicious software found 0, suspicions - 0
Scanning finished at 21.05.2014 20:53:26
Time of scanning: 00:14:58
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
System Analysis in progress
Network diagnostics
 DNS & Ping
  Host "yandex.ru", IP="213.180.193.11,93.158.134.11,213.180.204.11", Ping=OK (0,94,213.180.193.11)
  Host "google.ru", IP="173.194.113.95,173.194.113.88,173.194.113.87", Ping=OK (0,43,173.194.113.95)
  Host "google.com", IP="173.194.113.64,173.194.113.78,173.194.113.69,173.194.113.66,173.194.113.72,173.194.113.73,173.194.113.71,173.194.113.67,173.194.113.65,173.194.113.70,173.194.113.68", Ping=OK (0,44,173.194.113.64)
  Host "www.kaspersky.com", IP="195.27.252.18", Ping=OK (0,59,195.27.252.18)
  Host "www.kaspersky.ru", IP="195.27.252.110", Ping=OK (0,48,195.27.252.110)
  Host "dnl-03.geo.kaspersky.com", IP="38.124.168.125", Ping=OK (0,185,38.124.168.125)
  Host "dnl-11.geo.kaspersky.com", IP="38.117.98.253", Ping=OK (0,137,38.117.98.253)
  Host "activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
  Host "odnoklassniki.ru", IP="217.20.147.94", Ping=OK (0,98,217.20.147.94)
  Host "vk.com", IP="87.240.131.97,87.240.131.120,87.240.131.99", Ping=OK (0,75,87.240.131.97)
  Host "vkontakte.ru", IP="87.240.156.162,87.240.156.164,87.240.156.163", Ping=OK (0,72,87.240.156.162)
  Host "twitter.com", IP="199.16.156.6,199.16.156.38,199.16.156.102,199.16.156.70", Ping=OK (0,144,199.16.156.6)
  Host "facebook.com", IP="173.252.110.27", Ping=OK (0,147,173.252.110.27)
  Host "ru-ru.facebook.com", IP="31.13.81.128", Ping=OK (0,42,31.13.81.128)
 IE Setup
  AutoConfigURL=""
  AutoConfigProxy="wininet.dll"
  ProxyOverride="*.local"
  ProxyServer=""
Network TCP/IP settings
  Interface: "Pripojenie bezdrôtovej siete 6" (Wireless Network Connection 6)
   IPAddress = "255.168.255.254"
   SubnetMask = "255.255.255.0"
   DefaultGateway = "0.0.0.0"
   NameServer = ""
   Domain = ""
   DhcpServer = "255.255.255.255"

System Analysis - complete
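Section 8 ("Searching for vulnerabilities") and the troubleshooting wizard in section 9 of the scan log above state the hardening findings as prose only: autorun enabled for HDD, network and removable drives, administrative shares enabled, anonymous access enabled, Remote Assistance enabled. The following is an added example, not part of this report and not AVZ's code, that maps each of those findings to the registry value behind it, evaluates a snapshot against a hardened baseline, and renders the .reg text that would fix what failed. The key paths and hardened values are the standard Windows settings for these controls; the mapping of AVZ's wording to a particular value, the pass predicates, and REPORT_SNAPSHOT (constructed to reproduce this log's findings) are this example's own assumptions.

```python
"""Check the hardening findings from sections 8 and 9 of the AVZ log against
the registry values behind them and render the .reg text that fixes them.

Added example: not part of the original report and not AVZ code. The key
paths and hardened values are the standard Windows settings for each finding;
the mapping of AVZ's wording to a setting, the predicates, and REPORT_SNAPSHOT
(constructed to reproduce this log's findings) are this example's own.
"""
from typing import Optional

HKLM = "HKEY_LOCAL_MACHINE"
EXPLORER = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
LANMAN = r"SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
LSA = r"SYSTEM\CurrentControlSet\Control\Lsa"
RA = r"SYSTEM\CurrentControlSet\Control\Remote Assistance"

# NoDriveTypeAutoRun is a bit mask of drive types with autorun *disabled*:
# 0x04 removable, 0x08 fixed (HDD), 0x10 network; 0xFF covers every type.
AUTORUN_BITS = 0x04 | 0x08 | 0x10

# (key, value name, hardened value, passes(found), AVZ finding it answers)
BASELINE = [
    (EXPLORER, "NoDriveTypeAutoRun", 0xFF,
     lambda v: v is not None and v & AUTORUN_BITS == AUTORUN_BITS,
     "disk drives' autorun is enabled / HDD, network and removable autorun allowed"),
    (LANMAN, "AutoShareWks", 0, lambda v: v == 0,
     "administrative shares (C$, D$ ...) are enabled (AutoShareServer on server SKUs)"),
    (LSA, "RestrictAnonymous", 1, lambda v: v == 1,
     "anonymous user access is enabled"),
    (LSA, "RestrictAnonymousSAM", 1, lambda v: v == 1,
     "anonymous user access is enabled (SAM enumeration)"),
    (LSA, "EveryoneIncludesAnonymous", 0, lambda v: v in (None, 0),
     "anonymous user access is enabled (Everyone token)"),
    (RA, "fAllowToGetHelp", 0, lambda v: v == 0,
     "sending Remote Assistant queries is enabled"),
]

# Constructed snapshot reproducing this log: autorun bits for fixed, removable
# and network drives clear, AutoShareWks absent (shares created by default),
# RestrictAnonymous off, Remote Assistance on. None = value not present.
REPORT_SNAPSHOT = {
    (EXPLORER, "NoDriveTypeAutoRun"): 0x81,
    (LANMAN, "AutoShareWks"): None,
    (LSA, "RestrictAnonymous"): 0,
    (LSA, "RestrictAnonymousSAM"): 1,
    (LSA, "EveryoneIncludesAnonymous"): 0,
    (RA, "fAllowToGetHelp"): 1,
}


def evaluate(snapshot: dict) -> list:
    """Return (key, name, found, hardened, finding) for every failed check."""
    return [(key, name, snapshot.get((key, name)), hardened, finding)
            for key, name, hardened, passes, finding in BASELINE
            if not passes(snapshot.get((key, name)))]


def reg_fix(failed: list) -> str:
    """Render a .reg file that sets each failed value to its hardened value."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, name, _found, hardened, finding in failed:
        lines += [f"; AVZ: {finding}", f"[{HKLM}\\{key}]",
                  f'"{name}"=dword:{hardened:08x}', ""]
    return "\n".join(lines)


def read_live() -> Optional[dict]:
    """Read the baseline values from the local registry; None off Windows."""
    try:
        import winreg
    except ImportError:
        return None
    snap = {}
    for key, name, *_ in BASELINE:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                snap[(key, name)] = winreg.QueryValueEx(k, name)[0]
        except OSError:          # key or value absent: Windows default applies
            snap[(key, name)] = None
    return snap


if __name__ == "__main__":
    snapshot = read_live() or REPORT_SNAPSHOT
    failed = evaluate(snapshot)
    for key, name, found, hardened, finding in failed:
        print(f"{name}: found {found!r}, want {hardened:#x}  ({finding})")
    print(reg_fix(failed))
```

On the constructed snapshot four checks fail (NoDriveTypeAutoRun, AutoShareWks, RestrictAnonymous, fAllowToGetHelp), matching the four groups of findings in the log. Review the generated .reg text before importing it: AutoShareWks only stops the administrative shares being recreated after the Server service is restarted, and as AVZ itself notes in section 8, which services and shares are acceptable depends on whether the machine is a home PC or a domain-joined workstation.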