Results of system analysis

AVZ 4.32 http://z-oleg.com/secur/avz/

Process List

File name | PID | Description | Copyright | MD5 | Information
?
Script: Quarantine, Delete, Delete via BC, Terminate
20236  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
25376  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
25440  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
25588  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
26180  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
26176  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
26628  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
28424  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
27348  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
26312  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
29620  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
10612  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
27024  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
26576  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
33316  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
?
Script: Quarantine, Delete, Delete via BC, Terminate
33448  ???,0.00 kb, rsah,
created: 24.5.2010 20:24:25,
modified: 24.5.2010 20:27:47
Command line:
c:\program files\apoint2k\apntex.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1280Alps Pointing-device Driver for Windows NT/2000/XP/VistaCopyright (C) 1998-2006 Alps Electric Co., Ltd.??44.00 kb, RsAh,
created: 20.3.2008 17:34:50,
modified: 28.3.2006 18:10:10
Command line:
"Apntex.exe"
c:\program files\apoint2k\apoint.exe
Script: Quarantine, Delete, Delete via BC, Terminate
664Alps Pointing-device DriverCopyright (C) 1999-2006 Alps Electric Co., Ltd.??168.00 kb, RsAh,
created: 20.3.2008 17:34:50,
modified: 4.7.2006 16:14:30
Command line:
"C:\Program Files\Apoint2K\Apoint.exe"
c:\progra~1\alwils~1\avast4\ashdisp.exe
Script: Quarantine, Delete, Delete via BC, Terminate
720avast! service GUI componentCopyright (c) 2009 ALWIL Software??79.10 kb, rsAh,
created: 20.3.2008 19:07:32,
modified: 5.2.2009 23:08:45
Command line:
"C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2592avast! e-Mail Scanner ServiceCopyright (c) 2009 ALWIL Software??248.09 kb, rsAh,
created: 20.3.2008 19:07:32,
modified: 5.2.2009 23:08:26
Command line:
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
c:\program files\alwil software\avast4\ashserv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1612avast! antivirus serviceCopyright (c) 2009 ALWIL Software??135.43 kb, rsAh,
created: 20.3.2008 19:07:32,
modified: 5.2.2009 23:08:40
Command line:
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
c:\program files\alwil software\avast4\ashwebsv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2672avast! Web ScannerCopyright (c) 2009 ALWIL Software??344.65 kb, rsAh,
created: 20.3.2008 19:07:32,
modified: 5.2.2009 23:06:04
Command line:
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
c:\program files\alwil software\avast4\aswupdsv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1544avast! Antivirus updating serviceCopyright (c) 2009 ALWIL Software??18.31 kb, rsAh,
created: 20.3.2008 19:07:32,
modified: 5.2.2009 23:01:25
Command line:
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
c:\documents and settings\monika zlámalová\plocha\avz4\avz4\avz.exe
Script: Quarantine, Delete, Delete via BC, Terminate
164388???????????? ??????? AVZ???????????? ??????? AVZ??733.00 kb, rsAh,
created: 24.5.2010 20:24:25,
modified: 21.8.2009 14:40:32,
name contains national symbols
Command line:
"C:\Documents and Settings\Monika Zlámalová\Plocha\avz4\avz4\avz.exe"
c:\windows\system32\ctfmon.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3260CTF Loader© Microsoft Corporation. All rights reserved.??15.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
"C:\WINDOWS\system32\ctfmon.exe"
c:\windows\explorer.exe
Script: Quarantine, Delete, Delete via BC, Terminate
280Průzkumník Windows© Microsoft Corporation. Všechna práva vyhrazena.??1008.50 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\Explorer.EXE
c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
158420Firefox©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.??888.96 kb, rsAh,
created: 20.3.2008 20:00:39,
modified: 13.5.2010 8:42:45
Command line:
"C:\Program Files\Mozilla Firefox\firefox.exe"
c:\documents and settings\monika zlámalová\dokumenty\stažené soubory\hijackthis.exe
Script: Quarantine, Delete, Delete via BC, Terminate
160692HijackThis(c) 2007 Trend Micro Inc??392.30 kb, rsAh,
created: 24.5.2010 19:30:04,
modified: 24.5.2010 19:30:09,
name contains national symbols
Command line:
"C:\Documents and Settings\Monika Zlámalová\Dokumenty\Stažené soubory\HijackThis.exe"
c:\windows\system32\hkcmd.exe
Script: Quarantine, Delete, Delete via BC, Terminate
700hkcmd ModuleCopyright 1999-2006, Intel Corporation??156.00 kb, rsAh,
created: 21.5.2010 21:27:25,
modified: 8.2.2008 9:48:36
Command line:
"C:\WINDOWS\system32\hkcmd.exe"
c:\program files\icq6toolbar\icq service.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2196ICQIEUpdater ModuleCopyright 2007??217.74 kb, rsAh,
created: 13.9.2008 13:59:40,
modified: 1.6.2009 22:20:12
Command line:
"C:\Program Files\ICQ6Toolbar\ICQ Service.exe"
c:\windows\system32\igfxext.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1708igfxext ModuleCopyright 1999-2006, Intel Corporation??160.00 kb, rsAh,
created: 20.3.2008 17:40:37,
modified: 8.2.2008 9:48:06
Command line:
C:\WINDOWS\system32\igfxext.exe -Embedding
c:\windows\system32\igfxpers.exe
Script: Quarantine, Delete, Delete via BC, Terminate
712persistence ModuleCopyright 1999-2006, Intel Corporation??128.00 kb, rsAh,
created: 20.3.2008 17:40:37,
modified: 8.2.2008 9:48:10
Command line:
"C:\WINDOWS\system32\igfxpers.exe"
c:\windows\system32\igfxsrvc.exe
Script: Quarantine, Delete, Delete via BC, Terminate
896igfxsrvc ModuleCopyright 1999-2006, Intel Corporation??244.00 kb, rsAh,
created: 20.3.2008 17:40:36,
modified: 8.2.2008 9:47:56
Command line:
C:\WINDOWS\system32\igfxsrvc.exe -Embedding
c:\windows\system32\igfxtray.exe
Script: Quarantine, Delete, Delete via BC, Terminate
680igfxTray ModuleCopyright 1999-2006, Intel Corporation??132.00 kb, rsAh,
created: 20.3.2008 17:40:37,
modified: 8.2.2008 9:48:36
Command line:
"C:\WINDOWS\system32\igfxtray.exe"
c:\progra~1\launch~1\lmanager.exe
Script: Quarantine, Delete, Delete via BC, Terminate
648Launch ManagerCopyright (c) Dritek System Inc.??662.77 kb, rsAh,
created: 4.4.2007 9:02:00,
modified: 4.4.2007 9:02:00
Command line:
"C:\PROGRA~1\LAUNCH~1\LManager.exe"
c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
940LSA Shell (Export Version)© Microsoft Corporation. All rights reserved.??13.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\lsass.exe
c:\program files\t-mobile\web'n'walk manager\manager.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3292Web'n'walk Manager ??933.88 kb, rsAh,
created: 25.10.2007 19:16:58,
modified: 25.10.2007 19:16:58
Command line:
"C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe"
c:\program files\messenger\msmsgs.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3268Windows MessengerCopyright (c) Microsoft Corporation 2004??1628.50 kb, rsah,
created: 20.3.2008 16:42:05,
modified: 17.8.2004 16:58:18
Command line:
"C:\Program Files\Messenger\msmsgs.exe" /background
c:\windows\system32\notepad.exe
Script: Quarantine, Delete, Delete via BC, Terminate
141684Poznámkový blok© Microsoft Corporation. Všechna práva vyhrazena.??68.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Documents and Settings\Monika Zlámalová\Dokumenty\Stažené soubory\hijackthis.log
c:\windows\rthdcpl.exe
Script: Quarantine, Delete, Delete via BC, Terminate
620Realtek HD Audio Control PanelCopyright (c) 2004 Realtek Semiconductor Corp.??15959.50 kb, Rsah,
created: 20.3.2008 17:21:53,
modified: 10.5.2007 12:08:00
Command line:
"C:\WINDOWS\RTHDCPL.EXE"
c:\docume~1\monika~1\locals~1\temp\rtkbtmnt.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2068Realtek HD Audio Data Rerouter2006 (c) Realtek Semiconductor. All rights reserved.??204.00 kb, rsAh,
created: 20.3.2008 17:30:10,
modified: 20.3.2008 17:30:10
Command line:
C:\DOCUME~1\MONIKA~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\rundll32.exe
Script: Quarantine, Delete, Delete via BC, Terminate
672Run a DLL as an App© Microsoft Corporation. Všechna práva vyhrazena.??32.50 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
"C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
924Services and Controller app© Microsoft Corporation. Všechna práva vyhrazena.??108.50 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 9.2.2009 12:11:38
Command line:
C:\WINDOWS\system32\services.exe
c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5940Skype (c) Skype Technologies S.A.??25488.79 kb, RsAh,
created: 9.3.2010 10:02:14,
modified: 9.3.2010 10:02:14
Command line:
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
c:\program files\skype\toolbars\shared\skypenames2.exe
Script: Quarantine, Delete, Delete via BC, Terminate
63716SkypeNames(c) Skype Technologies S.A.??229.29 kb, rsAh,
created: 24.11.2009 11:32:22,
modified: 24.11.2009 11:32:22
Command line:
"C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe" -Embedding
c:\program files\skype\plugin manager\skypepm.exe
Script: Quarantine, Delete, Delete via BC, Terminate
156660Skype Extras ManagerSkype Limited??76.18 kb, RsAh,
created: 9.3.2010 10:02:14,
modified: 9.3.2010 10:02:14
Command line:
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
c:\windows\system32\spoolsv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1984Spooler SubSystem App© Microsoft Corporation. All rights reserved.??56.50 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1320Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1100Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2136Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3320Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\svchost.exe
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2164Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\svchost.exe -k bthsvcs
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1148Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\svchost -k rpcss
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
157252Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
157248Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
157700Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2292Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
svchost.exe "C:\WINDOWS\system32\1028s.exe"
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2316Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
157384Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
42472Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1188Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1256Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\svchost.exe -k NetworkService
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
158096Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
157648Generic Host Process for Win32 Services© Microsoft Corporation. All rights reserved.??14.00 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\System32\svchost.exe
c:\program files\spybot - search & destroy\teatimer.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3348System settings protector© 2000-2009 Safer-Networking Ltd. Alle Rechte vorbehalten.??2207.50 kb, RSAH,
created: 4.8.2009 15:33:41,
modified: 5.3.2009 16:07:20
Command line:
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
c:\windows\system32\winlogon.exe
Script: Quarantine, Delete, Delete via BC, Terminate
876Windows NT Logon Application© Microsoft Corporation. Všechna práva vyhrazena.??490.50 kb, rsAh,
created: 2.3.2006 14:00:00,
modified: 2.3.2006 14:00:00
Command line:
winlogon.exe
c:\windows\system32\wbem\wmiapsrv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
151308WMI Performance Adapter Service© Microsoft Corporation. Všechna práva vyhrazena.??123.50 kb, rsAh,
created: 20.3.2008 16:41:13,
modified: 2.3.2006 14:00:00
Command line:
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\program files\internet explorer\wmpscfgs.exe
Script: Quarantine, Delete, Delete via BC, Terminate
156512  ??error getting file info
Command line:
"C:\Program Files\Internet Explorer\wmpscfgs.exe"
c:\windows\system32\wuaucldt.exe
Script: Quarantine, Delete, Delete via BC, Terminate
159496  ??29.07 kb, rsAh,
created: 24.5.2010 16:02:18,
modified: 24.5.2010 16:02:18
Command line:
c:\windows\system32\wuaucldt.exe
c:\windows\system32\wuauclt.exe
Script: Quarantine, Delete, Delete via BC, Terminate
164520Windows Update© Microsoft Corporation. All rights reserved.??52.22 kb, rsAh,
created: 20.3.2008 16:43:41,
modified: 6.8.2009 19:24:06
Command line:
"C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[4a4]SUSDS3af9f0028d059c4da58c872bc5cf6e54
c:\windows\system32\wuauclt.exe
Script: Quarantine, Delete, Delete via BC, Terminate
156448Windows Update© Microsoft Corporation. All rights reserved.??52.22 kb, rsAh,
created: 20.3.2008 16:43:41,
modified: 6.8.2009 19:24:06
Command line:
"C:\WINDOWS\system32\wuauclt.exe"
Detected:74, recognized as trusted 48
Module name | Handle | Description | Copyright | MD5 | Used by processes
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Windows Server\ljpdea.dll
Script: Quarantine, Delete, Delete via BC
40108032  --1612, 280, 158420, 160692, 3292, 5940, 1188
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Windows Server\ljpdea.dll
Script: Quarantine, Delete, Delete via BC
17432576  --664, 1100
C:\Program Files\Alwil Software\Avast4\asw5Ldr.dll
Script: Quarantine, Delete, Delete via BC
43712512asw5Ldr componentCopyright (C) 2010 ALWIL Software--1612
C:\Program Files\Alwil Software\Avast4\Czech\Base.dll
Script: Quarantine, Delete, Delete via BC
1711800320avast! Czech Basic ModuleCopyright (c) 2009 ALWIL Software--720, 2592, 1612, 2672
C:\Program Files\Alwil Software\Avast4\Czech\Lang.dll
Script: Quarantine, Delete, Delete via BC
1712324608avast! Main Czech ModuleCopyright (c) 2009 ALWIL Software--720, 2592
C:\Program Files\Alwil Software\Avast4\Czech\langmai.dll
Script: Quarantine, Delete, Delete via BC
1716518912Czech language DLL for avast! e-Mail ScannerCopyright (c) 2009 ALWIL Software--2592
C:\Program Files\Apoint2K\Apntex.exe
Script: Quarantine, Delete, Delete via BC
4194304Alps Pointing-device Driver for Windows NT/2000/XP/VistaCopyright (C) 1998-2006 Alps Electric Co., Ltd.??1280
C:\Program Files\Apoint2K\Apoint.DLL
Script: Quarantine, Delete, Delete via BC
11468800Alps Pointing-device DriverCopyright (C) 1998-2006 Alps Electric Co., Ltd.--1280, 664
C:\Program Files\Apoint2K\Apoint.exe
Script: Quarantine, Delete, Delete via BC
4194304Alps Pointing-device DriverCopyright (C) 1999-2006 Alps Electric Co., Ltd.??664
C:\Program Files\Apoint2K\ApResCZ.dll
Script: Quarantine, Delete, Delete via BC
13303808Alps Pointing-device DriverCopyright (C) 1998-2006 Alps Electric Co., Ltd.--664
C:\Program Files\Apoint2K\EzAuto.dll
Script: Quarantine, Delete, Delete via BC
15728640Alps pointing device extensionCopyright (C) Alps Electric Co., Ltd. 1998-2006--664
C:\Program Files\Apoint2K\EzLaunch.DLL
Script: Quarantine, Delete, Delete via BC
17694720Easy LauncherCopyright (C) 1999-2006 Alps Electric Co., Ltd.--664
C:\Program Files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
Script: Quarantine, Delete, Delete via BC
74842112ToolBand ModuleCopyright 2001--158420
C:\Program Files\Internet Explorer\wmpscfgs.exe
Script: Quarantine, Delete, Delete via BC
4194304  ??156512
C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
Script: Quarantine, Delete, Delete via BC
20774912 License: MPL 1.1/GPL 2.0/LGPL 2.1--158420
C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
Script: Quarantine, Delete, Delete via BC
24313856 License: MPL 1.1/GPL 2.0/LGPL 2.1--158420
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
Script: Quarantine, Delete, Delete via BC
48234496Skype extension for Firefox(c) Skype Technologies S.A.--158420
C:\Program Files\Mozilla Firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC
4194304Firefox©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.??158420
C:\Program Files\Mozilla Firefox\freebl3.dll
Script: Quarantine, Delete, Delete via BC
67633152NSS freebl Library --158420
C:\Program Files\Mozilla Firefox\js3250.dll
Script: Quarantine, Delete, Delete via BC
5111808  --158420
C:\Program Files\Mozilla Firefox\MOZCRT19.dll
Script: Quarantine, Delete, Delete via BC
2014511104User-Generated Microsoft (R) C/C++ Runtime LibraryCopyright (C) Microsoft Corporation.--158420
C:\Program Files\Mozilla Firefox\nspr4.dll
Script: Quarantine, Delete, Delete via BC
3407872NSPR Library --158420
C:\Program Files\Mozilla Firefox\nss3.dll
Script: Quarantine, Delete, Delete via BC
6160384NSS Base Library --158420
C:\Program Files\Mozilla Firefox\nssckbi.dll
Script: Quarantine, Delete, Delete via BC
71303168NSS Builtin Trusted Root CAs --158420
C:\Program Files\Mozilla Firefox\nssdbm3.dll
Script: Quarantine, Delete, Delete via BC
67502080Legacy Database Driver --158420
C:\Program Files\Mozilla Firefox\nssutil3.dll
Script: Quarantine, Delete, Delete via BC
3735552NSS Utility Library --158420
C:\Program Files\Mozilla Firefox\plc4.dll
Script: Quarantine, Delete, Delete via BC
3866624PLC Library --158420
C:\Program Files\Mozilla Firefox\plds4.dll
Script: Quarantine, Delete, Delete via BC
3932160PLDS Library --158420
C:\Program Files\Mozilla Firefox\smime3.dll
Script: Quarantine, Delete, Delete via BC
3604480NSS S/MIME Library --158420
C:\Program Files\Mozilla Firefox\softokn3.dll
Script: Quarantine, Delete, Delete via BC
67305472NSS PKCS #11 Library --158420
C:\Program Files\Mozilla Firefox\sqlite3.dll
Script: Quarantine, Delete, Delete via BC
2883584SQLite Database Library --158420
C:\Program Files\Mozilla Firefox\ssl3.dll
Script: Quarantine, Delete, Delete via BC
3997696NSS SSL Library --158420
C:\Program Files\Mozilla Firefox\xpcom.dll
Script: Quarantine, Delete, Delete via BC
4128768 License: MPL 1.1/GPL 2.0/LGPL 2.1--158420
C:\Program Files\Mozilla Firefox\xul.dll
Script: Quarantine, Delete, Delete via BC
268435456 License: MPL 1.1/GPL 2.0/LGPL 2.1--158420
C:\Program Files\Skype\Phone\Skype.exe
Script: Quarantine, Delete, Delete via BC
4194304Skype (c) Skype Technologies S.A.??5940
C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll
Script: Quarantine, Delete, Delete via BC
12582912Skype Extras Manager UtilitesEasyBits Media AS--156660
C:\Program Files\Skype\Plugin Manager\skypePM.exe
Script: Quarantine, Delete, Delete via BC
4194304Skype Extras ManagerSkype Limited??156660
C:\Program Files\Skype\Toolbars\Shared\NameParserComponent2.dll
Script: Quarantine, Delete, Delete via BC
17563648Skype name parser component(c) Skype Technologies S.A.--63716
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
Script: Quarantine, Delete, Delete via BC
4194304SkypeNames(c) Skype Technologies S.A.??63716
C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll
Script: Quarantine, Delete, Delete via BC
53084160Skype Phone Number Recognizer(c) Skype Technologies S.A.--158420
C:\Program Files\Smart PDF Converter\ExplorerExt.dll
Script: Quarantine, Delete, Delete via BC
15138816ExplorerExt ModuleCopyright 2007--280
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
Script: Quarantine, Delete, Delete via BC
4194304Web'n'walk Manager ??3292
C:\Program Files\WinRAR\rarlng.dll
Script: Quarantine, Delete, Delete via BC
21037056  --280
C:\PROGRA~1\LAUNCH~1\LManager.exe
Script: Quarantine, Delete, Delete via BC
4194304Launch ManagerCopyright (c) Dritek System Inc.??648
C:\PROGRA~1\LAUNCH~1\MMDUtl.DLL
Script: Quarantine, Delete, Delete via BC
22347776Multi-Monitor Switch Library.Copyright (C) Dritek System Inc. All rights reserved.--648
C:\WINDOWS\system32\app_dll.dll
Script: Quarantine, Delete, Delete via BC
268435456  --1280, 664, 720, 2592, 1612, 2672, 1544, 164388, 3260, 280, 158420, 160692, 700, 2196, 1708, 712, 896, 680, 648, 940, 3292, 3268, 141684, 620, 2068, 672, 924, 5940, 63716, 156660, 1984, 1320, 1100, 2136, 3320, 2164, 1148, 157252, 157248, 157700, 2292, 2316, 157384, 42472, 1188, 1256, 158096, 157648, 3348, 876, 151308, 156512, 159496, 164520, 156448
C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\ljpdea.dll
Script: Quarantine, Delete, Delete via BC
31195136  --2592, 620, 924, 3320, 157384, 158096, 876, 159496
C:\WINDOWS\system32\VXDIF.DLL
Script: Quarantine, Delete, Delete via BC
4063232VxdifCopyright (C) 1999-2006 Alps Electric Co., Ltd.--1280, 664
C:\WINDOWS\system32\WgaLogon.dll
Script: Quarantine, Delete, Delete via BC
20316160Windows Genuine Advantage Notification© 1995-2008 Microsoft Corporation--876
c:\windows\system32\wuaucldt.exe
Script: Quarantine, Delete, Delete via BC
4194304  ??159496
Modules found:465, recognized as trusted 415

Kernel Space Modules Viewer

Module | Base address | Size in memory | Description | Manufacturer
C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
Script: Quarantine, Delete, Delete via BC
F6B1900001F000 (126976)Alps Touch Pad DriverCopyright (C) Alps Electric Co., Ltd. 1999-2006
C:\WINDOWS\System32\Drivers\dump_atapi.sys
Script: Quarantine, Delete, Delete via BC
A96B1000018000 (98304)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Script: Quarantine, Delete, Delete via BC
F7B96000002000 (8192)
C:\WINDOWS\system32\DRIVERS\ethpdrv.sys
Script: Quarantine, Delete, Delete via BC
F79E6000008000 (32768)Ethernet Packet Driver
C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
Script: Quarantine, Delete, Delete via BC
A98E60000B4000 (737280)HSF_CNXT driverCopyright© Conexant Systems, Inc. 2006
C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
Script: Quarantine, Delete, Delete via BC
A999A000103000 (1060864)HSF_DP driverCopyright© Conexant Systems, Inc. 2006
C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
Script: Quarantine, Delete, Delete via BC
A9A9D00003D000 (249856)HSF_HWAZL WDM driverCopyright© Conexant Systems, Inc. 2006
C:\WINDOWS\system32\Drivers\NDIS.sys
Script: Quarantine, Delete, Delete via BC
8620500002CA80 (182912)
C:\WINDOWS\system32\DRIVERS\xaudio.sys
Script: Quarantine, Delete, Delete via BC
F79C6000008000 (32768)Modem Audio Device DriverCopyright© Conexant Systems, Inc. 2006
C:\WINDOWS\system32\Drivers\zzmaa.sys
Script: Quarantine, Delete, Delete via BC
F7483000134000 (1261568)
Modules found - 144, recognized as trusted - 134

Services

Service | Description | Status | File | Group | Dependencies
Messengerose
Service: Stop, Delete, Disable
Kurýrní služba MessengeroseNot startedC:\WINDOWS\system32\1028s.exe
Script: Quarantine, Delete, Delete via BC
  
XAudioService
Service: Stop, Delete, Disable
XAudioServiceNot startedC:\WINDOWS\system32\DRIVERS\xaudio.exe
Script: Quarantine, Delete, Delete via BC
  
Detected - 87, recognized as trusted - 85

Drivers

Service | Description | Status | File | Group | Dependencies
ApfiltrService
Driver: Unload, Delete, Disable
Alps Pointing-device Filter DriverRunningC:\WINDOWS\system32\DRIVERS\Apfiltr.sys
Script: Quarantine, Delete, Delete via BC
Pointer Port 
Ethpdrv
Driver: Unload, Delete, Disable
Ethernet Packet DriverRunningC:\WINDOWS\system32\DRIVERS\ethpdrv.sys
Script: Quarantine, Delete, Delete via BC
PNP_TDI 
HSF_DPV
Driver: Unload, Delete, Disable
HSF_DPVRunningC:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
Script: Quarantine, Delete, Delete via BC
  
HSXHWAZL
Driver: Unload, Delete, Disable
HSXHWAZLRunningC:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
Script: Quarantine, Delete, Delete via BC
  
NDIS
Driver: Unload, Delete, Disable
Systémový ovladač NDISRunningNDIS.sys
Script: Quarantine, Delete, Delete via BC
  
winachsf
Driver: Unload, Delete, Disable
winachsfRunningC:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
Script: Quarantine, Delete, Delete via BC
  
Abiosdsk
Driver: Unload, Delete, Disable
AbiosdskNot startedAbiosdsk.sys
Script: Quarantine, Delete, Delete via BC
Primary disk 
abp480n5
Driver: Unload, Delete, Disable
abp480n5Not startedabp480n5.sys
Script: Quarantine, Delete, Delete via BC
SCSI miniport 
adpu160m
Driver: Unload, Delete, Disable
adpu160mNot startedadpu160m.sys
Script: Quarantine, Delete, Delete via BC
SCSI miniport 
Aha154x
Aha154x | Not started | Aha154x.sys | SCSI miniport
aic78u2 | Not started | aic78u2.sys | SCSI miniport
aic78xx | Not started | aic78xx.sys | SCSI miniport
AliIde | Not started | AliIde.sys | System Bus Extender
amsint | Not started | amsint.sys | SCSI miniport
asc | Not started | asc.sys | SCSI miniport
asc3350p | Not started | asc3350p.sys | SCSI miniport
asc3550 | Not started | asc3550.sys | SCSI miniport
Atdisk | Not started | Atdisk.sys | Primary disk
cd20xrnt | Not started | cd20xrnt.sys | SCSI miniport
Changer | Not started | Changer.sys | Filter
CmdIde | Not started | CmdIde.sys | System Bus Extender
Cpqarray | Not started | Cpqarray.sys | SCSI miniport
dac960nt | Not started | dac960nt.sys | SCSI miniport
dpti2o | Not started | dpti2o.sys | SCSI miniport
hpn | Not started | hpn.sys | SCSI miniport
i2omgmt | Not started | i2omgmt.sys | SCSI Class
i2omp | Not started | i2omp.sys | SCSI miniport
igfx | Not started | C:\WINDOWS\system32\DRIVERS\igdkmd32.sys | Video
ini910u | Not started | ini910u.sys | SCSI miniport
IntelIde | Not started | IntelIde.sys | System Bus Extender
lbrtfdc | Not started | lbrtfdc.sys | System Bus Extender
mraid35x | Not started | mraid35x.sys | SCSI miniport
PCIDump | Not started | PCIDump.sys | PCI Configuration
PDCOMP | Not started | PDCOMP.sys |
PDFRAME | Not started | PDFRAME.sys |
PDRELI | Not started | PDRELI.sys |
PDRFRAME | Not started | PDRFRAME.sys |
perc2 | Not started | perc2.sys | SCSI miniport
perc2hib | Not started | perc2hib.sys | Filter
ql1080 | Not started | ql1080.sys | SCSI miniport
Ql10wnt | Not started | Ql10wnt.sys | SCSI miniport
ql12160 | Not started | ql12160.sys | SCSI miniport
ql1240 | Not started | ql1240.sys | SCSI miniport
ql1280 | Not started | ql1280.sys | SCSI miniport
Simbad | Not started | Simbad.sys | Filter
Sparrow | Not started | Sparrow.sys | SCSI miniport
sym_hi | Not started | sym_hi.sys | SCSI miniport
sym_u3 | Not started | sym_u3.sys | SCSI miniport
symc810 | Not started | symc810.sys | SCSI miniport
symc8xx | Not started | symc8xx.sys | SCSI miniport
TosIde | Not started | TosIde.sys | System Bus Extender
ultra | Not started | ultra.sys | SCSI miniport
ViaIde | Not started | ViaIde.sys | System Bus Extender
WDICA | Not started | WDICA.sys |
Detected - 206, recognized as trusted - 152

Autoruns

File name | Status | Startup method | Description
C:\Documents and Settings\Monika Zlámalová\Data aplikací\onbbw.exe | -- | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman
C:\Documents and Settings\Monika Zlámalová\csrss.exe,explorer.exe,C:\Documents and Settings\Monika Zlámalová\Data aplikací\onbbw.exe | -- | Registry key | HKEY_CURRENT_USER, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
C:\PROGRA~1\LAUNCH~1\LManager.exe | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, LManager
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe | Active | Shortcut in Startup folder | C:\Documents and Settings\Monika Zlámalová\Data aplikací\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Monika Zlámalová\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk,
C:\Program Files\Apoint2K\Apoint.exe | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Apoint
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe | Active | Registry key | HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, SmileyApp
C:\Program Files\ICQ6.5\ICQ.exe | Active | Shortcut in Startup folder | C:\Documents and Settings\Monika Zlámalová\Data aplikací\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Monika Zlámalová\Data aplikací\Microsoft\Internet Explorer\Quick Launch\ICQ6.5.lnk,
C:\Program Files\Mozilla Firefox\firefox.exe | Active | Shortcut in Startup folder | C:\Documents and Settings\Monika Zlámalová\Data aplikací\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Monika Zlámalová\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk,
C:\Program Files\Skype\Phone\Skype.exe | Active | Registry key | HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Skype
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe | Active | Registry key | HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, T-Mobile Communication Centre
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe | Active | Registry key | HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, 12CFG214-K641-12SF-N85P
C:\WINDOWS\System32\hidserv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HidServ\Parameters, ServiceDll
C:\WINDOWS\System32\igmpv2.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
C:\WINDOWS\System32\ipbootp.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
C:\WINDOWS\System32\iprip2.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
C:\WINDOWS\System32\ospf.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile
C:\WINDOWS\System32\ospfmib.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile
C:\WINDOWS\System32\polagent.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile
C:\WINDOWS\System32\spmsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack, EventMessageFile
C:\WINDOWS\System32\spmsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WgaNotify, EventMessageFile
C:\WINDOWS\System32\spmsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.1, EventMessageFile
C:\WINDOWS\System32\spmsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia, EventMessageFile
C:\WINDOWS\System32\tssdis.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile
C:\WINDOWS\system32\KB905474\wgasetup.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WgaSetup, EventMessageFile
C:\WINDOWS\system32\MsSip1.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL
C:\WINDOWS\system32\MsSip2.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL
C:\WINDOWS\system32\MsSip3.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL
C:\WINDOWS\system32\psxss.exe | -- | Registry key | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\WINDOWS\system32\regedit.exe | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Regedit32
C:\WINDOWS\system32\stisvc.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile
SDEvents.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2, EventMessageFile
WgaLogon.dll | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon, DLLName
c:\documents and settings\monika zlámalová\wuaucldt.exe | Active | Registry key | HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, syncman
c:\windows\system32\wuaucldt.exe | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, syncman
kbd101.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN
kbd101a.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR
mvfs32.dll | Active | Registry key | HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB
mvfs32.dll | Active | Registry key | HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB
mvfs32.dll | Active | Registry key | HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB
mvfs32.dll | Active | Registry key | HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB
mvfs32.dll | Active | Registry key | HKEY_CURRENT_USER, Control Panel\IOProcs, MVB
vgafix.fon | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon
vgaoem.fon | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon
vgasys.fon | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon
Autoruns items found - 537, recognized as trusted - 493

Internet Explorer extension modules (BHOs, Toolbars ...)

File name | Type | Description | Manufacturer | CLSID
 | Extension module |  |  | {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
C:\Program Files\ICQ6.5\ICQ.exe | Extension module | ICQ | Copyright (c) 1998-2008 ICQ, LLC. | {E59EB121-F339-4851-A3BA-FE49C35617C2}
Items found - 17, recognized as trusted - 15

Windows Explorer extension modules

File name | Destination | Description | Manufacturer | CLSID
deskpan.dll | Rozšíření panelu Zobrazení pro panoramatické zobrazení |  |  | {42071714-76d4-11d1-8b24-00a0c9068ff3}
 | Rozšíření prostředí pro kompresi souborů |  |  | {764BF0E1-F219-11ce-972D-00AA00A14F56}
 | Kontextová nabídka šifrování |  |  | {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
 | Hlavní panel a nabídka Start |  |  | {0DF44EAA-FF21-4412-828E-260A8728E7F1}
rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} | Autoplay for SlideShow |  |  | {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
 | Uživatelské účty |  |  | {7A9D77BD-5403-11d2-8785-2E0420524153}
Items found - 182, recognized as trusted - 176

Printing system extensions (print monitors, providers)

File name | Type | Name | Description | Manufacturer
Items found - 9, recognized as trusted - 9

Task Scheduler jobs

File name | Job name | Job state | Description | Manufacturer
C:\WINDOWS\system32\KB905474\wgasetup.exe | WGASetup.job | The task is ready to run at its next scheduled time. | Nastavení programu Windows Genuine Advantage Notification | © 1995-2008 Microsoft Corporation
Items found - 1, recognized as trusted - 0

SPI/LSP settings

Namespace providers (NSP)
Manufacturer | Status | EXE file | Description | GUID
Detected - 4, recognized as trusted - 4
Transport protocol providers (TSP, LSP)
Manufacturer | EXE file | Description
Detected - 24, recognized as trusted - 24
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port | Status | Remote Host | Remote Port | Application | Notes
TCP ports
80 | LISTENING | 0.0.0.0 | 45250 | [5940] c:\program files\skype\phone\skype.exe |
135 | LISTENING | 0.0.0.0 | 55505 | [1148] c:\windows\system32\svchost.exe |
443 | LISTENING | 0.0.0.0 | 45138 | [5940] c:\program files\skype\phone\skype.exe |
445 | LISTENING | 0.0.0.0 | 28893 | [4] System |
1102 | CLOSE_WAIT | 127.0.0.1 | 12025 | [924] c:\windows\system32\services.exe |
1940 | CLOSE_WAIT | 127.0.0.1 | 12025 | [924] c:\windows\system32\services.exe |
3202 | CLOSE_WAIT | 127.0.0.1 | 12025 | [924] c:\windows\system32\services.exe |
4005 | CLOSE_WAIT | 208.80.152.2 | 80 | [924] c:\windows\system32\services.exe |
5199 | ESTABLISHED | 94.76.206.2443 | [158096] c:\windows\system32\svchost.exe |
12025 | LISTENING | 0.0.0.0 | 24674 | [2592] c:\program files\alwil software\avast4\ashmaisv.exe |
 
12025ESTABLISHED127.0.0.117722[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117723[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117725[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117726[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117727[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117728[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117729[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117730[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117731[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117732[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117733[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117734[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117735[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117736[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117737[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117738[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117741[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117742[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117743[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117744[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117745[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117746[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117747[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117748[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117749[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117750[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117751[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117752[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117753[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117754[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117755[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117756[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117757[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117758[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117759[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117760[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117761[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117762[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117763[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117765[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117767[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117768[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117769[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117770[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117772[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117773[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117775[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117776[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117777[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117778[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117781[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117783[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117784[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117785[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117786[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117787[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117790[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117792[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117793[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117795[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117796[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117798[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117801[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117859[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117895[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117898[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117902[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117904[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117906[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117909[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117918[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117920[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117970[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117976[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117980[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117996[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117997[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.117998[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.118010[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.118024[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.118303[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.118333[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.139115[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12025ESTABLISHED127.0.0.149288[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12080LISTENING0.0.0.057484[2672] c:\program files\alwil software\avast4\ashwebsv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12080ESTABLISHED127.0.0.116498[2672] c:\program files\alwil software\avast4\ashwebsv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12080ESTABLISHED127.0.0.117519[2672] c:\program files\alwil software\avast4\ashwebsv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12110LISTENING0.0.0.039118[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12119LISTENING0.0.0.032920[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12143LISTENING0.0.0.038978[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12916CLOSE_WAIT127.0.0.112025[157384] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12932CLOSE_WAIT127.0.0.112025[158096] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
12943CLOSE_WAIT127.0.0.112025[157384] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
16498ESTABLISHED127.0.0.112080[158420] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
16499ESTABLISHED74.125.87.10080[2672] c:\program files\alwil software\avast4\ashwebsv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17271ESTABLISHED89.102.163.14419317[5940] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17459ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17463TIME_WAIT68.166.175.13225[0]   
17483ESTABLISHED195.112.4.625[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17499TIME_WAIT24.224.127.14025[0]   
17519ESTABLISHED127.0.0.112080[158420] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17520ESTABLISHED173.194.4.2480[2672] c:\program files\alwil software\avast4\ashwebsv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17522ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17523ESTABLISHED205.214.170.22925[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17534ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17537ESTABLISHED64.74.157.5125[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17548ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17553ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17559ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17571ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17572ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17573ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17586ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17587ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17588ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17589ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17590ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17591ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17592ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17593ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17594ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17595ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17596ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17597ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17598ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17599ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17600ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17601ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17602ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17603ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17604ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17605ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17606ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17607ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17608ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17609ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17610ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17611ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17612ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17613ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17614ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17615ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17616ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17617ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17618ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17619ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17620ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17621ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17622ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17623ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17624ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17625ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17626ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17627ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17628ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17629ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17630ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17631ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17634SYN_SENT87.248.121.7525[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17637ESTABLISHED195.3.96.7125[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17640TIME_WAIT193.10.250.1525[0]   
17641ESTABLISHED70.42.226.5325[2592] c:\program files\alwil software\avast4\ashmaisv.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17645ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17646ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17647ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17648ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17649ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17650ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17651ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17652ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17653ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17654ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17655ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17656ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17657ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17658ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17659ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17660ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17661ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17662ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17663ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17664ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17665ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17666ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17667ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17668ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17669ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17670ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17671ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17672ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17673ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17674ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17675ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17676ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17677ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17678ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17679ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17680ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17681ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17682ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17683ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17684ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17685ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17686ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17687ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17688ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17689ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17690ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17691ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17692ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17693ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17694ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17695ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17696ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17697ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17698ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17699ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17700ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17701ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17703ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17704ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17705ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17706ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17707ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17708ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
 
17709ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17710ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17711ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17712ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17713ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17716ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17717ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17718ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17719ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17720ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17722ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17723ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17725ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17726ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17727ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17728ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17729ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17730ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17731ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17732ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17733ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17734ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17735ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17736ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17737ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17738ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17741ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17742ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17743ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17744ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17745ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17746ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17747ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17748ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17749ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17750ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17751ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17752ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17753ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17754ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17755ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17756ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17757ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17758ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17759ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17760ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17761ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17762ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17763ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17765ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17767ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17768ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17769ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17770ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17772ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17773ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17775ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17776ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17777ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17778ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17781ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17783ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17784ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17785ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17786ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17787ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17790ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17792ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17793ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17795ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17796ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17798ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17801ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17859ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17894TIME_WAIT81.89.246.17825[0]   
17895ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17898ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17902ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17904ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17906ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17909ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17918ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17920ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17970ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17976ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17980ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17987SYN_SENT129.16.222.6125[2592] c:\program files\alwil software\avast4\ashmaisv.exe
17988SYN_SENT195.2.244.4825[2592] c:\program files\alwil software\avast4\ashmaisv.exe
17989SYN_SENT194.232.105.12425[2592] c:\program files\alwil software\avast4\ashmaisv.exe
17993TIME_WAIT64.12.138.15225[0]   
17996ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17997ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
17998ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
18010ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
18024ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
18302SYN_SENT94.75.244.25443[157384] c:\windows\system32\svchost.exe
18303ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
18333ESTABLISHED127.0.0.112025[157252] c:\windows\system32\svchost.exe
18334ESTABLISHED81.89.246.17825[2592] c:\program files\alwil software\avast4\ashmaisv.exe
18335ESTABLISHED64.12.90.125[2592] c:\program files\alwil software\avast4\ashmaisv.exe
18336ESTABLISHED72.167.238.20125[2592] c:\program files\alwil software\avast4\ashmaisv.exe
18337ESTABLISHED64.12.90.125[2592] c:\program files\alwil software\avast4\ashmaisv.exe
18338ESTABLISHED62.168.132.6825[2592] c:\program files\alwil software\avast4\ashmaisv.exe
20921CLOSE_WAIT207.45.187.7480[280] c:\windows\explorer.exe
20927ESTABLISHED78.159.121.4133422[157252] c:\windows\system32\svchost.exe
22226ESTABLISHED85.160.215.14153515[5940] c:\program files\skype\phone\skype.exe
22226LISTENING0.0.0.010484[5940] c:\program files\skype\phone\skype.exe
22226ESTABLISHED85.160.215.14153514[5940] c:\program files\skype\phone\skype.exe
25801ESTABLISHED127.0.0.125802[158420] c:\program files\mozilla firefox\firefox.exe
25802ESTABLISHED127.0.0.125801[158420] c:\program files\mozilla firefox\firefox.exe
25807ESTABLISHED127.0.0.125808[158420] c:\program files\mozilla firefox\firefox.exe
25808ESTABLISHED127.0.0.125807[158420] c:\program files\mozilla firefox\firefox.exe
37777CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
38002CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
38136CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
39115ESTABLISHED127.0.0.112025[924] c:\windows\system32\services.exe
39140ESTABLISHED142.217.217.7525[2592] c:\program files\alwil software\avast4\ashmaisv.exe
40555CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
41079CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
42764CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
44231CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
46387CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
48569CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
49288ESTABLISHED127.0.0.112025[924] c:\windows\system32\services.exe
49414ESTABLISHED88.44.60.1325[2592] c:\program files\alwil software\avast4\ashmaisv.exe
50173CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
51869CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
52172CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
54799CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
55626CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
57600CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
58021CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
59764CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
60495CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
60571CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
61864CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
64164CLOSE_WAIT127.0.0.112025[924] c:\windows\system32\services.exe
UDP ports
123LISTENING----[1188] c:\windows\system32\svchost.exe
123LISTENING----[1188] c:\windows\system32\svchost.exe
443LISTENING----[5940] c:\program files\skype\phone\skype.exe
445LISTENING----[4] System
500LISTENING----[940] c:\windows\system32\lsass.exe
1900LISTENING----[1320] c:\windows\system32\svchost.exe
1900LISTENING----[1320] c:\windows\system32\svchost.exe
3147LISTENING----[157248] c:\windows\system32\svchost.exe
4500LISTENING----[940] c:\windows\system32\lsass.exe
6489LISTENING----[280] c:\windows\explorer.exe
16070LISTENING----[5940] c:\program files\skype\phone\skype.exe
20919LISTENING----[280] c:\windows\explorer.exe
20928LISTENING----[157252] c:\windows\system32\svchost.exe
22226LISTENING----[5940] c:\program files\skype\phone\skype.exe

Downloaded Program Files (DPF)

File name | Description | Manufacturer | CLSID | Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name | Description | Manufacturer
Items found - 26, recognized as trusted - 26

Active Setup

File name | Description | Manufacturer | CLSID
Items found - 12, recognized as trusted - 12

HOSTS file

Hosts file record

127.0.0.1       localhost

Protocols and handlers

File name | Type | Description | Manufacturer | CLSID
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL | Handler | Skype for COM API (Skype4COM Pluggable Protocol) | (c) Skype Technologies. All rights reserved. | {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
Items found - 29, recognized as trusted - 28

Suspicious objects

File | Description | Type
c:\program files\internet explorer\wmpscfgs.exe | Suspicion for Rootkit | Suspicion for Rootkit
? | Suspicion for Rootkit | Suspicion for Rootkit
C:\WINDOWS\system32\app_dll.dll | Suspicion for Keylogger | Suspicion for Keylogger or Trojan DLL


Attention !!! Database was last updated 21.8.2009 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 24.5.2010 20:27:50
Database loaded: signatures - 237871, NN profile(s) - 2, malware removal microprograms - 56, signature database released 21.08.2009 14:23
Heuristic microprograms loaded: 374
PVS microprograms loaded: 9
Digital signatures of system files loaded: 135524
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 2 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
 >>>> Suspicion for process file masking: c:\program files\internet explorer\wmpscfgs.exe
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=08A500)
 Kernel ntoskrnl.exe found in memory at address 804D7000
   SDT = 80561500
   KiST = 804E48D0 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
 Analyzing CPU 1
 Analyzing CPU 2
 Checking IDT and SYSENTER - complete
 >>>> Process masking detected 20236 ?
 >>>> Process masking detected 25376 ?
 >>>> Process masking detected 25440 ?
 >>>> Process masking detected 25588 ?
 >>>> Process masking detected 26180 ?
 >>>> Process masking detected 26176 ?
 >>>> Process masking detected 26628 ?
 >>>> Process masking detected 28424 ?
 >>>> Process masking detected 27348 ?
 >>>> Process masking detected 26312 ?
 >>>> Process masking detected 29620 ?
 >>>> Process masking detected 10612 ?
 >>>> Process masking detected 27024 ?
 >>>> Process masking detected 26576 ?
 >>>> Process masking detected 33316 ?
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
 Driver loaded successfully
1.5 Checking IRP handlers
\FileSystem\ntfs[IRP_MJ_CREATE] = 863470D0 -> hook not defined
 Checking - complete
2. Scanning RAM
 Number of processes found: 56
Extended process analysis: 648 C:\PROGRA~1\LAUNCH~1\LManager.exe
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 664 C:\Program Files\Apoint2K\Apoint.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 1280 C:\Program Files\Apoint2K\Apntex.exe
[ES]:Application has no visible windows
Extended process analysis: 3292 C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:EXE runtime packer ?
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 156512 C:\Program Files\Internet Explorer\wmpscfgs.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 156660 C:\Program Files\Skype\Plugin Manager\skypePM.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 159496 c:\windows\system32\wuaucldt.exe
[ES]:Application has no visible windows
[ES]:Located in system folder
[ES]:Registered for automatic startup !!
Extended process analysis: 158420 C:\Program Files\Mozilla Firefox\firefox.exe
[ES]:Program code includes networking-related functionality
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 63716 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
[ES]:Application has no visible windows
 Number of modules loaded: 429
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\WINDOWS\system32\app_dll.dll --> Suspicion for Keylogger or Trojan DLL
C:\WINDOWS\system32\app_dll.dll>>> Behaviour analysis 
 Behaviour typical for keyloggers was not detected
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Latent DLL loading through AppInit_DLLs suspected: "app_dll.dll"
>>> Attention - non-standard Task Manager "C:\Documents and Settings\Monika Zl?malov?\csrss.exe"
non-standard Winlogon\Shell key, hidden startup suspected "explorer.exe rundll32.exe bfvf.bxo dompgam"
>>> Attention - Registry Editor is blocked
>>> Suspicion for service/driver reg key masking "zzmaa"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Vzd?len? registr)
>> Services: potentially dangerous service allowed: TermService (Termin?lov? slu?ba)
>> Services: potentially dangerous service allowed: SSDPSRV (Slu?ba rozpozn?v?n? pomoc? protokolu SSDP)
>> Services: potentially dangerous service allowed: Schedule (Pl?nova? ?loh)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting - Vzd?len? sd?len? plochy)
>> Services: potentially dangerous service allowed: RDSessMgr (Spr?vce relac? n?pov?dy ke vzd?len? plo?e)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  Blocked: Registry Editor
 >>  Task Manager substitution
 >>  Windows Explorer startup key is modified
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 486, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 24.5.2010 20:29:32
Time of scanning: 00:01:44
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
System Analysis in progress
