Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	1720	Apple Mobile Device Service	© 2010 Apple Inc. All rights reserved.	??	141.28 kb, rsAh, created: 16.4.2010 8:33:40, modified: 16.4.2010 8:33:40 Command line: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
c:\program files\sony ericsson\mobile2\application launcher\application launcher.exe Script: Quarantine, Delete, Delete via BC, Terminate	2348	Application Launcher	Copyright (c) 2005 Popwire AB. All rights reserved.	??	580.00 kb, RsAh, created: 28.3.2007 2:07:42, modified: 28.3.2007 2:07:42 Command line: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
c:\progra~1\alwils~1\avast5\avastui.exe Script: Quarantine, Delete, Delete via BC, Terminate	3688	avast! Antivirus	Copyright (c) 2010 ALWIL Software	??	2749.21 kb, rsAh, created: 3.6.2010 13:13:28, modified: 6.5.2010 22:59:42 Command line: "C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" /nogui
c:\program files\sony ericsson\mobile2\mobile phone monitor\epmworker.exe Script: Quarantine, Delete, Delete via BC, Terminate	2996	CAPI_Worker Module	Copyright © 2005 Popwire AB. All rights reserved.	??	860.00 kb, RsAh, created: 28.2.2007 11:55:18, modified: 28.2.2007 11:55:18 Command line: "C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe" -Embedding
c:\program files\common files\teleca shared\generic.exe Script: Quarantine, Delete, Delete via BC, Terminate	3668	Generic Device Management Executable.	(c) 2007 Teleca AB. All rights reserved.	??	960.00 kb, RsAh, created: 9.2.2007 18:03:38, modified: 9.2.2007 18:03:38 Command line: "C:\Program Files\Common Files\Teleca Shared\Generic.exe" -Embedding
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe Script: Quarantine, Delete, Delete via BC, Terminate	2096	GoogleToolbarNotifier	Copyright © 2005-2007	??	67.24 kb, rsAh, created: 23.2.2008 15:55:01, modified: 23.2.2008 15:55:01 Command line: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
c:\program files\hp\digital imaging\bin\hpqste08.exe Script: Quarantine, Delete, Delete via BC, Terminate	3808	HP CUE Status	Copyright (C) Hewlett-Packard Co. 1995-2004	??	200.00 kb, rsAh, created: 12.5.2005 1:40:38, modified: 12.5.2005 1:40:38 Command line: "C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP PSC 1400 series#1261482551" -Startup
c:\program files\hp\digital imaging\bin\hpqtra08.exe Script: Quarantine, Delete, Delete via BC, Terminate	3012	HP Digital Imaging Monitor	Copyright (C) Hewlett-Packard Co. 1995-2004	??	276.00 kb, rsAh, created: 12.5.2005 0:23:26, modified: 12.5.2005 0:23:26 Command line: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
c:\program files\icq6toolbar\icq service.exe Script: Quarantine, Delete, Delete via BC, Terminate	1868	ICQIEUpdater Module	Copyright 2007	??	240.74 kb, rsAh, created: 14.12.2008 15:16:10, modified: 3.1.2010 18:07:48 Command line: "C:\Program Files\ICQ6Toolbar\ICQ Service.exe"
c:\program files\ipod\bin\ipodservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	260	iPodService Module (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	??	532.79 kb, rsAh, created: 28.4.2010 15:06:18, modified: 28.4.2010 15:06:18 Command line: "C:\Program Files\iPod\bin\iPodService.exe"
c:\program files\itunes\ituneshelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	2796	iTunesHelper	© 2003-2010 Apple Inc. All rights reserved.	??	138.79 kb, rsAh, created: 28.4.2010 15:06:30, modified: 28.4.2010 15:06:30 Command line: "C:\Program Files\iTunes\iTunesHelper.exe"
c:\program files\java\jre6\bin\jqs.exe Script: Quarantine, Delete, Delete via BC, Terminate	284	Java(TM) Quick Starter Service	Copyright © 2004	??	149.78 kb, rsAh, created: 13.2.2009 22:34:17, modified: 12.4.2010 17:29:29 Command line: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate	1736	Bonjour Service	Copyright (C) 2003-2010 Apple Inc.	??	337.28 kb, rsAh, created: 8.4.2010 13:20:00, modified: 8.4.2010 13:20:00 Command line: "C:\Program Files\Bonjour\mDNSResponder.exe"
c:\windows\system32\nvsvc32.exe Script: Quarantine, Delete, Delete via BC, Terminate	1384	NVIDIA Driver Helper Service, Version 190.62	(C) NVIDIA Corporation. All rights reserved.	??	164.07 kb, rsAh, created: 17.8.2009 4:03:00, modified: 17.8.2009 4:03:00 Command line: C:\WINDOWS\system32\nvsvc32.exe
c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe Script: Quarantine, Delete, Delete via BC, Terminate	4080	PresentationFontCache.exe	© Microsoft Corporation. All rights reserved.	??	45.02 kb, rsAh, created: 29.7.2008 22:10:04, modified: 29.7.2008 22:10:04 Command line: C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\rundll32.exe Script: Quarantine, Delete, Delete via BC, Terminate	2768	Run a DLL as an App	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	32.50 kb, rsAh, created: 2.3.2006 14:00:00, modified: 14.4.2008 9:52:44 Command line: "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
c:\program files\safari\safari.exe Script: Quarantine, Delete, Delete via BC, Terminate	3492	Safari	Copyright Apple Inc. 2007-2010	??	1753.79 kb, rsAh, created: 4.3.2010 3:33:50, modified: 4.3.2010 3:33:50 Command line: "C:\Program Files\Safari\Safari.exe"
c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate	436	Skype	(c) Skype Technologies S.A.	??	25490.29 kb, RsAh, created: 6.4.2010 2:27:46, modified: 6.4.2010 2:27:46 Command line: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
c:\progra~1\spywar~2\sp_rsser.exe Script: Quarantine, Delete, Delete via BC, Terminate	456	Spyware Terminator Realtime Shield Service	© Crawler.com	??	477.50 kb, rsAh, created: 8.2.2009 19:18:52, modified: 14.4.2010 15:40:13 Command line: C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
c:\windows\system32\spoolsv.exe Script: Quarantine, Delete, Delete via BC, Terminate	1676	Spooler SubSystem App	© Microsoft Corporation. All rights reserved.	??	56.50 kb, rsAh, created: 2.3.2006 14:00:00, modified: 14.4.2008 9:52:50 Command line: C:\WINDOWS\system32\spoolsv.exe
c:\program files\spyware terminator\spywareterminatorshield.exe Script: Quarantine, Delete, Delete via BC, Terminate	2364	Spyware Terminator Realtime Shield	© Crawler.com	??	2125.50 kb, rsAh, created: 8.2.2009 19:18:52, modified: 14.4.2010 15:40:13 Command line: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
c:\program files\spyware terminator\spywareterminatorupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate	2120	Crawler Spyware Terminator	© Crawler.com	??	2966.50 kb, rsAh, created: 20.12.2009 20:29:14, modified: 20.12.2009 20:29:14 Command line: "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
d:\hry\call of duty modern warfare 2\steam.exe Script: Quarantine, Delete, Delete via BC, Terminate	2244	Steam	© Copyright 2000-2003 Valve Corporation All rights reserved.	??	1209.33 kb, rsAh, created: 30.6.2009 11:28:24, modified: 9.5.2010 14:44:08 Command line: "D:\hry\call of duty modern warfare 2\steam.exe" -silent
c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	1472	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 2.3.2006 14:00:00, modified: 14.4.2008 9:52:50 Command line: C:\WINDOWS\system32\svchost -k rpcss
c:\program files\ovislink\common\turbog-ui.exe Script: Quarantine, Delete, Delete via BC, Terminate	2964	AirLive Turbo-G Wireless Utility	(c) Copyright 2004, Ovislink Corp. All rights reserved.	??	612.00 kb, rsAh, created: 23.7.2008 18:04:09, modified: 10.3.2006 18:26:56 Command line: "C:\Program Files\Ovislink\Common\TurboG-UI.exe" -s
c:\windows\system32\winlogon.exe Script: Quarantine, Delete, Delete via BC, Terminate	1080	Windows NT Logon Application	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	496.00 kb, rsAh, created: 2.3.2006 14:00:00, modified: 14.4.2008 9:52:54 Command line: winlogon.exe
Detected:47, recognized as trusted 32

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files\Alwil Software\Avast5\1029\Base.dll Script: Quarantine, Delete, Delete via BC	1711800320	avast! Czech Basic Module	Copyright (c) 2010 ALWIL Software	--	3688
C:\Program Files\Bonjour\mdnsNSP.dll Script: Quarantine, Delete, Delete via BC	1677721600	Bonjour Namespace Provider	Copyright (C) 2003-2010 Apple Inc.	--	3688, 3492, 436, 1676, 2120, 2244, 1472
C:\Program Files\Bonjour\mDNSResponder.exe Script: Quarantine, Delete, Delete via BC	4194304	Bonjour Service	Copyright (C) 2003-2010 Apple Inc.	??	1736
C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll Script: Quarantine, Delete, Delete via BC	268435456	Apple Software Support Version Check Dynamic Link Library	Copyright (C) 2010	--	3492
C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll Script: Quarantine, Delete, Delete via BC	12845056	Apple System Log	2009 Apple, Inc.	--	2796, 3492
C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.DLL Script: Quarantine, Delete, Delete via BC	25755648	CFNetwork	Copyright (C) 2007-2010	--	2796, 3492
C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll Script: Quarantine, Delete, Delete via BC	9502720	CoreFoundation	Copyright (C) 2007-2009, Apple Inc.	--	2796, 3492
C:\Program Files\Common Files\Apple\Apple Application Support\CoreGraphics.dll Script: Quarantine, Delete, Delete via BC	22675456	CoreGraphics DLL	© 2006-2009 Apple Inc. All Rights Reserved.	--	3492
C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll Script: Quarantine, Delete, Delete via BC	1255145472	ICU Data DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	--	2796, 3492
C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll Script: Quarantine, Delete, Delete via BC	10682368	IBM ICU I18N DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	--	2796, 3492
C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll Script: Quarantine, Delete, Delete via BC	11796480	IBM ICU Common DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	--	2796, 3492
C:\Program Files\Common Files\Apple\Apple Application Support\JavaScriptCore.dll Script: Quarantine, Delete, Delete via BC	19857408	JavaScriptCore Dynamic Link Library	Copyright Apple Inc. 2003-2010	--	3492
C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll Script: Quarantine, Delete, Delete via BC	68419584			--	3492
C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll Script: Quarantine, Delete, Delete via BC	32440320	libxml2		--	3492
C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll Script: Quarantine, Delete, Delete via BC	10485760	Objective-C Runtime Library	Copyright (C) 2007-2009, Apple Inc.	--	2796, 3492
C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll Script: Quarantine, Delete, Delete via BC	10420224	POSIX Threads for Windows32 Library	Copyright (C) Project contributors 1998-2004	--	2796, 3492
C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll Script: Quarantine, Delete, Delete via BC	26411008	SQLite3 Dynamic Link Library	Copyright Apple Inc. 2009	--	2796, 3492
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll Script: Quarantine, Delete, Delete via BC	26673152	WebKit Dynamic Link Library	Copyright Apple Inc. 2003-2010	--	3492
C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll Script: Quarantine, Delete, Delete via BC	26869760	zlib data compression library	(C) 1995-2004 Jean-loup Gailly & Mark Adler	--	2796, 3492
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Script: Quarantine, Delete, Delete via BC	4194304	Apple Mobile Device Service	© 2010 Apple Inc. All rights reserved.	??	1720
C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll Script: Quarantine, Delete, Delete via BC	37945344	iTunesMobileDevice	Copyright (C) 2009	--	2796
C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\gtn.dll Script: Quarantine, Delete, Delete via BC	268435456	GoogleToolbarNotifier	Copyright © 2005-2008	--	2096
C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll Script: Quarantine, Delete, Delete via BC	13107200	GoogleToolbarNotifier	Copyright © 2005-2008	--	2096
C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc Script: Quarantine, Delete, Delete via BC	376766464	AiO TrayAppPlugIn Combined resource DLL	Copyright (C) Hewlett-Packard Co. 1995-2005	--	3012
C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc Script: Quarantine, Delete, Delete via BC	31981568	Combined resource DLL	Copyright (C) Hewlett-Packard Co. 1995-2004	--	3808
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc Script: Quarantine, Delete, Delete via BC	10878976	CUE Status Exe Combined resource DLL	Copyright (C) Hewlett-Packard Co. 1995-2004	--	3808
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc Script: Quarantine, Delete, Delete via BC	352321536	CUE TrayApp Combined resource DLL	Copyright (C) Hewlett-Packard Co. 1995-2004	--	3012
C:\Program Files\ICQ6Toolbar\ICQ Service.exe Script: Quarantine, Delete, Delete via BC	4194304	ICQIEUpdater Module	Copyright 2007	??	1868
C:\Program Files\iPod\bin\iPodService.exe Script: Quarantine, Delete, Delete via BC	4194304	iPodService Module (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	??	260
C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL Script: Quarantine, Delete, Delete via BC	268435456	iPodService Resource Library (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	--	260
C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL Script: Quarantine, Delete, Delete via BC	9371648	iPodService Resource Library (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	--	260
C:\Program Files\iTunes\iTunesHelper.dll Script: Quarantine, Delete, Delete via BC	268435456	iTunesHelper DLL	© 2003-2010 Apple Inc. All rights reserved.	--	2796
C:\Program Files\iTunes\iTunesHelper.exe Script: Quarantine, Delete, Delete via BC	4194304	iTunesHelper	© 2003-2010 Apple Inc. All rights reserved.	??	2796
C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL Script: Quarantine, Delete, Delete via BC	17367040	iTunesHelper Resource Library	© 2003-2010 Apple Inc. All rights reserved.	--	2796
C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL Script: Quarantine, Delete, Delete via BC	17563648	iTunesHelper Resource Library	© 2003-2010 Apple Inc. All rights reserved.	--	2796
C:\Program Files\Java\jre6\bin\jqs.exe Script: Quarantine, Delete, Delete via BC	4194304	Java(TM) Quick Starter Service	Copyright © 2004	??	284
C:\Program Files\Ovislink\Common\AegisE5.dll Script: Quarantine, Delete, Delete via BC	268435456	IEEE 802.1X Protocol	Copyright © Meetinghouse Data Communications 1997-2004	--	2964
C:\Program Files\Ovislink\Common\TurboG-UI.exe Script: Quarantine, Delete, Delete via BC	4194304	AirLive Turbo-G Wireless Utility	(c) Copyright 2004, Ovislink Corp. All rights reserved.	??	2964
C:\Program Files\QuickTime\QTSystem\QTCF.dll Script: Quarantine, Delete, Delete via BC	1751777280	QuickTime CoreFoundation	Copyright Apple Inc. 1989-2010	--	2796
C:\Program Files\QuickTime\QTSystem\QuickTime.qts Script: Quarantine, Delete, Delete via BC	1719664640	QuickTime	Copyright Apple Inc. 1989-2010	--	2796
C:\Program Files\Safari\PubSubDLL.dll Script: Quarantine, Delete, Delete via BC	67764224		Copyright Apple Inc. 2006-2010	--	3492
C:\Program Files\Safari\Safari.dll Script: Quarantine, Delete, Delete via BC	11141120	Safari Dynamic Link Library	Copyright Apple Inc. 2007-2010	--	3492
C:\Program Files\Safari\Safari.exe Script: Quarantine, Delete, Delete via BC	4194304	Safari	Copyright Apple Inc. 2007-2010	??	3492
C:\Program Files\Safari\SafariTheme.dll Script: Quarantine, Delete, Delete via BC	33751040	SafariTheme Dynamic Link Library	Copyright Apple Inc. 2007-2009	--	3492
C:\Program Files\Safari\Search.dll Script: Quarantine, Delete, Delete via BC	97452032	Search Dynamic Link Library	Copyright Apple Inc. 2007-2009	--	3492
C:\Program Files\Skype\Phone\Skype.exe Script: Quarantine, Delete, Delete via BC	4194304	Skype	(c) Skype Technologies S.A.	??	436
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll Script: Quarantine, Delete, Delete via BC	13500416	Spouљtмnн aplikacн	Copyright © 2006 Popwire AB. Vљechna prбva vyhrazena.	--	2348
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherMainDlg.dll Script: Quarantine, Delete, Delete via BC	20316160	Main dialog layout	Copyright © 2006 Sony Ericsson Mobile Communications AB. All rights reserved.	--	2348
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\Capires0405.DLL Script: Quarantine, Delete, Delete via BC	271581184	capires0809	Copyright © 2005 Popwire AB. Vљechna prбva vyhrazena.	--	2996
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe Script: Quarantine, Delete, Delete via BC	4194304	Spyware Terminator Realtime Shield	© Crawler.com	??	2364
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe Script: Quarantine, Delete, Delete via BC	4194304	Crawler Spyware Terminator	© Crawler.com	??	2120
C:\Program Files\Spyware Terminator\TorentDll.dll Script: Quarantine, Delete, Delete via BC	268435456			--	2120
C:\PROGRA~1\ALWILS~1\Avast5\1029\UILangRes.dll Script: Quarantine, Delete, Delete via BC	1712062464	UILangRes	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\AavmRpch.dll Script: Quarantine, Delete, Delete via BC	1698693120	avast! AAVM Remote Procedure Call Library	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\ashBase.dll Script: Quarantine, Delete, Delete via BC	1682964480	Basic Functionality Module	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\ashTask.dll Script: Quarantine, Delete, Delete via BC	1686110208	Task Handling Module	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\ashTaskEx.dll Script: Quarantine, Delete, Delete via BC	1685848064	avast! TaskEx library	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswAux.dll Script: Quarantine, Delete, Delete via BC	1683488768	avast! Auxiliary Library		--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswCmnBS.dll Script: Quarantine, Delete, Delete via BC	1690828800	Common functions	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswCmnIS.dll Script: Quarantine, Delete, Delete via BC	1690566656	Antivirus independent functions	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswCmnOS.dll Script: Quarantine, Delete, Delete via BC	1690304512	Antivirus HW dependent library	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswData.dll Script: Quarantine, Delete, Delete via BC	1684537344	avast! UI Layer library	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswEngLdr.dll Script: Quarantine, Delete, Delete via BC	1690042368	Antivirus engine loader	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswLog.dll Script: Quarantine, Delete, Delete via BC	1685061632	avast! Log library	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswProperty.dll Script: Quarantine, Delete, Delete via BC	1685323776	avast! Property Storage library	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswSqLt.dll Script: Quarantine, Delete, Delete via BC	1686372352	avast! SQLite library	Copyright (c) 2009 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\aswUtil.dll Script: Quarantine, Delete, Delete via BC	1685585920	avast! Utility library	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe Script: Quarantine, Delete, Delete via BC	4194304	avast! Antivirus	Copyright (c) 2010 ALWIL Software	??	3688
C:\PROGRA~1\ALWILS~1\Avast5\CommonRes.dll Script: Quarantine, Delete, Delete via BC	1712324608	Common UI resources	Copyright (c) 2010 ALWIL Software	--	3688
C:\PROGRA~1\SPYWAR~2\sp_rsser.exe Script: Quarantine, Delete, Delete via BC	4194304	Spyware Terminator Realtime Shield Service	© Crawler.com	??	456
C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll Script: Quarantine, Delete, Delete via BC	16711680	.NET Framework	© Microsoft Corporation. Vљechna prбva vyhrazena.	--	4080
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll Script: Quarantine, Delete, Delete via BC	2030829568	Microsoft Common Language Runtime Class Library	© Microsoft Corporation. All rights reserved.	--	4080
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll Script: Quarantine, Delete, Delete via BC	1415446528	PresentationCore.dll	© Microsoft Corporation. All rights reserved.	--	4080
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe Script: Quarantine, Delete, Delete via BC	805306368	PresentationFontCache.exe	© Microsoft Corporation. All rights reserved.	--	4080
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll Script: Quarantine, Delete, Delete via BC	1738670080	.NET Framework	© Microsoft Corporation. All rights reserved.	--	4080
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll Script: Quarantine, Delete, Delete via BC	2051276800	.NET Framework	© Microsoft Corporation. All rights reserved.	--	4080
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll Script: Quarantine, Delete, Delete via BC	1467678720	WindowsBase.dll	© Microsoft Corporation. All rights reserved.	--	4080
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll Script: Quarantine, Delete, Delete via BC	2045116416	aspnet_isapi.lib	Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.	--	284, 436
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Script: Quarantine, Delete, Delete via BC	15073280	Microsoft .NET Runtime Common Language Runtime - WorkStation	© Microsoft Corporation. All rights reserved.	--	284, 4080, 436
C:\WINDOWS\system32\dnssd.dll Script: Quarantine, Delete, Delete via BC	369098752	Bonjour Client Library	Copyright (C) 2003-2010 Apple Inc.	--	3492
C:\WINDOWS\system32\HPTcpMUI.dll Script: Quarantine, Delete, Delete via BC	13959168	Standard TCP/IP Port Monitor UI DLL	Copyright (C) Hewlett Packard Corp. 1996-2005	--	1676
C:\WINDOWS\system32\msxml4.dll Script: Quarantine, Delete, Delete via BC	1773207552	MSXML 4.0 SP 2	Copyright (C) Microsoft Corporation. 1981-2002	--	2996, 3668
C:\WINDOWS\system32\NvMcTray.dll Script: Quarantine, Delete, Delete via BC	268435456	NVIDIA Media Center Library	(C) NVIDIA Corporation. All rights reserved.	--	2768
C:\WINDOWS\system32\nvsvc32.exe Script: Quarantine, Delete, Delete via BC	4194304	NVIDIA Driver Helper Service, Version 190.62	(C) NVIDIA Corporation. All rights reserved.	??	1384
C:\WINDOWS\system32\WgaLogon.dll Script: Quarantine, Delete, Delete via BC	21626880	Windows Genuine Advantage Notification	© 1995-2009 Microsoft Corporation	--	1080
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll Script: Quarantine, Delete, Delete via BC	2023620608	MFCDLL Shared Library - Retail Version	© Microsoft Corporation. All rights reserved.	--	3688
D:\hry\call of duty modern warfare 2\bin\FileSystem_Steam.dll Script: Quarantine, Delete, Delete via BC	1067450368	FileSystem_Steam.dll (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2005 Valve Corpration	--	2244
d:\hry\call of duty modern warfare 2\bin\friendsui.dll Script: Quarantine, Delete, Delete via BC	126353408	Steam Friends UI (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2005 Valve Corporation	--	2244
D:\hry\call of duty modern warfare 2\bin\icudt42.dll Script: Quarantine, Delete, Delete via BC	1255145472	ICU Data DLL	Copyright (C) 2009, International Business Machines Corporation and others. All Rights Reserved.	--	2244
D:\hry\call of duty modern warfare 2\bin\libcef.dll Script: Quarantine, Delete, Delete via BC	268435456	Chromium Embedded Framework (CEF) Dynamic Link Library	Copyright (C) 2009 The Chromium Embedded Framework Authors	--	2244
D:\hry\call of duty modern warfare 2\bin\mss32_s.dll Script: Quarantine, Delete, Delete via BC	554696704	Miles Sound System	Copyright (C) 1991-2009, RAD Game Tools, Inc.	--	2244
D:\hry\call of duty modern warfare 2\bin\p2pvoice.dll Script: Quarantine, Delete, Delete via BC	46006272	Steam P2P Voice Library (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2007	--	2244
d:\hry\call of duty modern warfare 2\bin\serverbrowser.dll Script: Quarantine, Delete, Delete via BC	124256256	Steam Server Browser Library (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2008 Valve Corporation	--	2244
D:\hry\call of duty modern warfare 2\bin\SteamService.dll Script: Quarantine, Delete, Delete via BC	48496640	Steam Client Service Library (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2007	--	2244
D:\hry\call of duty modern warfare 2\bin\vgui2.dll Script: Quarantine, Delete, Delete via BC	1059061760	vgui2_s.dll (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2007 Valve Corporation	--	2244
D:\hry\call of duty modern warfare 2\Steam.dll Script: Quarantine, Delete, Delete via BC	805306368	Steam Client Engine	© Copyright 2000-2003 Valve Corporation All rights reserved.	--	2244
D:\hry\call of duty modern warfare 2\steam.exe Script: Quarantine, Delete, Delete via BC	4194304	Steam	© Copyright 2000-2003 Valve Corporation All rights reserved.	??	2244
D:\hry\call of duty modern warfare 2\steamclient.dll Script: Quarantine, Delete, Delete via BC	939524096	Steamclient.dll (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2005 Valve Corporation	--	2244
D:\hry\call of duty modern warfare 2\SteamUI.dll Script: Quarantine, Delete, Delete via BC	973078528	SteamUI Dynamic Link Library (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2007	--	2244
D:\hry\call of duty modern warfare 2\tier0_s.dll Script: Quarantine, Delete, Delete via BC	1056964608	tier0_s Dynamic Link Library (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2007	--	2244
D:\hry\call of duty modern warfare 2\vstdlib_s.dll Script: Quarantine, Delete, Delete via BC	1063256064	vstdlib_ s.dll (buildbot_winslave01_steam_rel_client_win32@winslave01)	Copyright (C) 2005 Valve Corporation	--	2244
Modules found:529, recognized as trusted 428

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\System32\Drivers\aswFsBlk.SYS Script: Quarantine, Delete, Delete via BC	B4FCC000	003000 (12288)	avast! File System Access Blocking Driver	Copyright (c) 1996-2010 ALWIL Software
C:\WINDOWS\System32\Drivers\aswSP.SYS Script: Quarantine, Delete, Delete via BC	B4DB7000	027000 (159744)	avast! self protection module	Copyright (c) 1996-2010 ALWIL Software
C:\WINDOWS\System32\Drivers\aswTdi.SYS Script: Quarantine, Delete, Delete via BC	F7527000	00A000 (40960)	avast! TDI Filter Driver	Copyright (c) 1996-2010 ALWIL Software
C:\WINDOWS\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, Delete via BC	B4CB3000	018000 (98304)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, Delete via BC	F79CD000	002000 (8192)
C:\WINDOWS\system32\Drivers\isapnp.sys Script: Quarantine, Delete, Delete via BC	F75F7000	009000 (36864)	PNP ISA Bus Driver	© Microsoft Corporation. Vљechna prбva vyhrazena.
C:\WINDOWS\system32\DRIVERS\Rt73.sys Script: Quarantine, Delete, Delete via BC	B4CF3000	03C000 (245760)	Ralink 802.11 USB Wireless Adapter Driver	Copyright (C) 2005 Ralink Technology, Corp.
Modules found - 131, recognized as trusted - 124

Services

Service	Description	Status	File	Group	Dependencies
Apple Mobile Device Service: Stop, Delete, Disable	Apple Mobile Device	Running	C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Script: Quarantine, Delete, Delete via BC		Tcpip
Bonjour Service Service: Stop, Delete, Disable	Bonjour Service	Running	C:\Program Files\Bonjour\mDNSResponder.exe Script: Quarantine, Delete, Delete via BC		Tcpip
ICQ Service Service: Stop, Delete, Disable	ICQ Service	Running	C:\Program Files\ICQ6Toolbar\ICQ Service.exe Script: Quarantine, Delete, Delete via BC		RPCSS
iPod Service Service: Stop, Delete, Disable	iPod Service	Running	C:\Program Files\iPod\bin\iPodService.exe Script: Quarantine, Delete, Delete via BC		RpcSs
JavaQuickStarterService Service: Stop, Delete, Disable	Java Quick Starter	Running	C:\Program Files\Java\jre6\bin\jqs.exe Script: Quarantine, Delete, Delete via BC
nvsvc Service: Stop, Delete, Disable	NVIDIA Display Driver Service	Running	C:\WINDOWS\system32\nvsvc32.exe Script: Quarantine, Delete, Delete via BC	Video
sp_rssrv Service: Stop, Delete, Disable	Spyware Terminator Realtime Shield Service	Running	C:\PROGRA~1\SPYWAR~2\sp_rsser.exe Script: Quarantine, Delete, Delete via BC
avast! Antivirus Service: Stop, Delete, Disable	avast! Antivirus	Not started	C:\Program Files\Alwil Software\Avast5\AvastSvc.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup	aswMon2
avast! Mail Scanner Service: Stop, Delete, Disable	avast! Mail Scanner	Not started	C:\Program Files\Alwil Software\Avast5\AvastSvc.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup	avast! Antivirus
avast! Web Scanner Service: Stop, Delete, Disable	avast! Web Scanner	Not started	C:\Program Files\Alwil Software\Avast5\AvastSvc.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup	avast! Antivirus
MWAgent Service: Stop, Delete, Disable	MWAgent	Not started	C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE Script: Quarantine, Delete, Delete via BC
Pml Driver HPZ12 Service: Stop, Delete, Disable	Pml Driver HPZ12	Not started	C:\WINDOWS\system32\HPZipm12.exe Script: Quarantine, Delete, Delete via BC
WMPNetworkSvc Service: Stop, Delete, Disable	Windows Media Player Network Sharing Service	Not started	C:\Program Files\Windows Media Player\WMPNetwk.exe Script: Quarantine, Delete, Delete via BC		upnphost
Detected - 109, recognized as trusted - 96

Drivers

Service	Description	Status	File	Group	Dependencies
aswFsBlk Driver: Unload, Delete, Disable	aswFsBlk	Running	C:\WINDOWS\system32\Drivers\aswFsBlk.sys Script: Quarantine, Delete, Delete via BC	FSFilter Activity Monitor	FltMgr
aswSP Driver: Unload, Delete, Disable	aswSP	Running	C:\WINDOWS\system32\Drivers\aswSP.sys Script: Quarantine, Delete, Delete via BC
aswTdi Driver: Unload, Delete, Disable	avast! Network Shield Support	Running	C:\WINDOWS\system32\Drivers\aswTdi.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	tcpip
isapnp Driver: Unload, Delete, Disable	Шadiи Plug and Play sbмrnice ISA/EISA	Running	C:\WINDOWS\system32\DRIVERS\isapnp.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
RT73 Driver: Unload, Delete, Disable	AirLive WT-2000USB Driver	Running	C:\WINDOWS\system32\DRIVERS\Rt73.sys Script: Quarantine, Delete, Delete via BC	NDIS
Abiosdsk Driver: Unload, Delete, Disable	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
abp480n5 Driver: Unload, Delete, Disable	abp480n5	Not started	abp480n5.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
adpu160m Driver: Unload, Delete, Disable	adpu160m	Not started	adpu160m.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Aha154x Driver: Unload, Delete, Disable	Aha154x	Not started	Aha154x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78u2 Driver: Unload, Delete, Disable	aic78u2	Not started	aic78u2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78xx Driver: Unload, Delete, Disable	aic78xx	Not started	aic78xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AliIde Driver: Unload, Delete, Disable	AliIde	Not started	AliIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
amsint Driver: Unload, Delete, Disable	amsint	Not started	amsint.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc Driver: Unload, Delete, Disable	asc	Not started	asc.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3350p Driver: Unload, Delete, Disable	asc3350p	Not started	asc3350p.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3550 Driver: Unload, Delete, Disable	asc3550	Not started	asc3550.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Atdisk Driver: Unload, Delete, Disable	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
catchme Driver: Unload, Delete, Disable	catchme	Not started	C:\DOCUME~1\Patas\LOCALS~1\Temp\catchme.sys Script: Quarantine, Delete, Delete via BC	Base
cd20xrnt Driver: Unload, Delete, Disable	cd20xrnt	Not started	cd20xrnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
CmdIde Driver: Unload, Delete, Disable	CmdIde	Not started	CmdIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
Cpqarray Driver: Unload, Delete, Disable	Cpqarray	Not started	Cpqarray.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dac960nt Driver: Unload, Delete, Disable	dac960nt	Not started	dac960nt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dpti2o Driver: Unload, Delete, Disable	dpti2o	Not started	dpti2o.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
EagleNT Driver: Unload, Delete, Disable	EagleNT	Not started	C:\WINDOWS\system32\drivers\EagleNT.sys Script: Quarantine, Delete, Delete via BC
econceal Driver: Unload, Delete, Disable	MicroWorld Technologies Network Service	Not started	C:\WINDOWS\system32\DRIVERS\econceal.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
hpn Driver: Unload, Delete, Disable	hpn	Not started	hpn.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
i2omp Driver: Unload, Delete, Disable	i2omp	Not started	i2omp.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ini910u Driver: Unload, Delete, Disable	ini910u	Not started	ini910u.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
IntelIde Driver: Unload, Delete, Disable	IntelIde	Not started	IntelIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
mraid35x Driver: Unload, Delete, Disable	mraid35x	Not started	mraid35x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
PCIDump Driver: Unload, Delete, Disable	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, Delete via BC	PCI Configuration
perc2 Driver: Unload, Delete, Disable	perc2	Not started	perc2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
perc2hib Driver: Unload, Delete, Disable	perc2hib	Not started	perc2hib.sys Script: Quarantine, Delete, Delete via BC	Filter
ql1080 Driver: Unload, Delete, Disable	ql1080	Not started	ql1080.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Ql10wnt Driver: Unload, Delete, Disable	Ql10wnt	Not started	Ql10wnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql12160 Driver: Unload, Delete, Disable	ql12160	Not started	ql12160.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1240 Driver: Unload, Delete, Disable	ql1240	Not started	ql1240.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1280 Driver: Unload, Delete, Disable	ql1280	Not started	ql1280.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Simbad Driver: Unload, Delete, Disable	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, Delete via BC	Filter
Sparrow Driver: Unload, Delete, Disable	Sparrow	Not started	Sparrow.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sptd Driver: Unload, Delete, Disable	sptd	Not started	C:\WINDOWS\system32\Drivers\sptd.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
sym_hi Driver: Unload, Delete, Disable	sym_hi	Not started	sym_hi.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_u3 Driver: Unload, Delete, Disable	sym_u3	Not started	sym_u3.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc810 Driver: Unload, Delete, Disable	symc810	Not started	symc810.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc8xx Driver: Unload, Delete, Disable	symc8xx	Not started	symc8xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
TosIde Driver: Unload, Delete, Disable	TosIde	Not started	TosIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
ultra Driver: Unload, Delete, Disable	ultra	Not started	ultra.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ViaIde Driver: Unload, Delete, Disable	ViaIde	Not started	ViaIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
Detected - 203, recognized as trusted - 155

Autoruns

File name	Status	Startup method	Description
(None) Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, .DEFAULT\Control Panel\Desktop, scrnsave.exe Delete
(None) Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-18\Control Panel\Desktop, scrnsave.exe Delete
C:\DOCUME~1\Patas\Plocha\Avast4\aswRes.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus\avast!, EventMessageFile Delete
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, avast5 Delete
C:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\1029\MAPIR.DLL Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Outlook, EventMessageFile Delete
C:\Program Files\Bonjour\mDNSResponder.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service, EventMessageFile Delete
C:\Program Files\DAEMON Tools Lite\DTLite.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, DAEMON Tools Lite Delete
C:\Program Files\Electronic Arts\EADM\Core.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, EA Core Delete
C:\Program Files\GameSpy\Comrade\Comrade.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Comrade.exe Delete
C:\Program Files\ICQ7.0\ICQ.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\ICQ7.lnk,
C:\Program Files\Java\jre6\bin\jqs.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\JavaQuickStarterService, EventMessageFile Delete
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, nwiz Delete
C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, Nero BurnRights Delete
C:\Program Files\Ovislink\Common\TurboG-UI.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\All Users.WINDOWS\Nabнdka Start\Programy\Po spuљtмnн\, C:\Documents and Settings\All Users.WINDOWS\Nabнdka Start\Programy\Po spuљtмnн\AirLive Turbo-G Wireless Utility.lnk,
C:\Program Files\QuickTime\QTSystem\QuickTime.cpl Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, QuickTime Delete
C:\Program Files\QuickTime\QTTask.exe Script: Quarantine, Delete, Delete via BC	Disabled	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run-, QuickTime Task Delete
C:\Program Files\QuickTime\qttask.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, QuickTime Task Delete
C:\Program Files\Skype\Phone\Skype.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Skype Delete
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, ECSEPM Delete
C:\Program Files\Spyware Terminator\SpyWareTerminator.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk,
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SpywareTerminator Delete
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, SpywareTerminatorUpdate Delete
C:\Program Files\Webteh\BSplayer\bsplayer.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk,
C:\Program Files\Windows Media Player\wmpnetwk.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WMPNetworkSvc, EventMessageFile Delete
C:\Program Files\iTunes\iTunesHelper.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, iTunesHelper Delete
C:\Program Files\iTunes\iTunesHelper.exe Script: Quarantine, Delete, Delete via BC	Disabled	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run-, iTunesHelper Delete
C:\WINDOWS\Installer\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}\iTunesIco.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk,
C:\WINDOWS\Installer\{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}\SafariIco.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk,
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ASP.NET_1.1.4322\Performance, Library Delete
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\ASP.NET\1.1.4322.0, DllFullPath Delete
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\aspnet_rc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 2.0.50727.0, EventMessageFile Delete
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0, EventMessageFile Delete
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ServiceModel Audit 3.0.0.0, EventMessageFile Delete
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IdentityModel 3.0.0.0, EventMessageFile Delete
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IO.Log 3.0.0.0, EventMessageFile Delete
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.Runtime.Serialization 3.0.0.0, EventMessageFile Delete
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.ServiceModel 3.0.0.0, EventMessageFile Delete
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0, EventMessageFile Delete
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SMSvcHost 3.0.0.0, EventMessageFile Delete
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;C:\WINDOWS\system32\icardres.dll.mui Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 3.0.0.0, EventMessageFile Delete
C:\WINDOWS\System32\PrintFilterPipelineSvc.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile Delete
C:\WINDOWS\System32\igmpv2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile Delete
C:\WINDOWS\System32\ipbootp.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile Delete
C:\WINDOWS\System32\iprip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile Delete
C:\WINDOWS\System32\ospf.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile Delete
C:\WINDOWS\System32\ospfmib.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile Delete
C:\WINDOWS\System32\polagent.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile Delete
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\basecsp, EventMessageFile Delete
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Internet Explorer 8, EventMessageFile Delete
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack, EventMessageFile Delete
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WGA, EventMessageFile Delete
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WgaNotify, EventMessageFile Delete
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.1, EventMessageFile Delete
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia, EventMessageFile Delete
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wudf01000, EventMessageFile Delete
C:\WINDOWS\System32\tssdis.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile Delete
C:\WINDOWS\system32\AegisE5.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\AegisP, EventMessageFile Delete
C:\WINDOWS\system32\KB905474\wgasetup.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WgaSetup, EventMessageFile Delete
C:\WINDOWS\system32\MsSip1.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL Delete
C:\WINDOWS\system32\MsSip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL Delete
C:\WINDOWS\system32\MsSip3.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL Delete
C:\WINDOWS\system32\NvCpl.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, NvCplDaemon Delete
C:\WINDOWS\system32\NvMcTray.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, NvMediaCenter Delete
C:\WINDOWS\system32\frapsvid.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, VIDC.FPS1 Delete
C:\WINDOWS\system32\nvCplUI.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\nTune.lnk,
C:\WINDOWS\system32\pavcpl.cpl Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, PavCPL Delete
C:\WINDOWS\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\WINDOWS\system32\stisvc.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile Delete
C:\WINDOWS\system32\vp6vfw.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.VP60 Delete
C:\WINDOWS\system32\vp6vfw.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.VP61 Delete
C:\WINDOWS\system32\xlive.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\XLive, EventMessageFile Delete
D:\Filmy\3\ConvertXtoDvd.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Patas\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDvd.lnk,
SDEvents.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2, EventMessageFile Delete
WgaLogon.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon, DLLName Delete
d:\hry\call of duty modern warfare 2\steam.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam Delete
kbd101.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN Delete
kbd101a.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Control Panel\IOProcs, MVB Delete
vgafix.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
Autoruns items found - 625, recognized as trusted - 540

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll Script: Quarantine, Delete, Delete via BC	BHO	Crawler Toolbar Browser Object	© Crawler.com	{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Delete
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll Script: Quarantine, Delete, Delete via BC	BHO	Google Toolbar	Copyright © 2000-2010	{AA58ED58-01DD-4d91-8333-CF10577473F7} Delete
	BHO			{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Delete
C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll Script: Quarantine, Delete, Delete via BC	BHO	GoogleToolbarNotifier	Copyright © 2005-2008	{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Delete
C:\Program Files\Java\jre6\bin\jp2ssv.dll Script: Quarantine, Delete, Delete via BC	BHO	Java(TM) Platform SE binary	Copyright © 2004	{DBC80044-A445-435b-BC74-9C25C1C588A9} Delete
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll Script: Quarantine, Delete, Delete via BC	BHO	Java(TM) Quick Starter binary	Copyright © 2004	{E7E6F031-17CE-4C07-BC86-EABFE594F69C} Delete
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll Script: Quarantine, Delete, Delete via BC	Toolbar	ICQToolBar	Copyright 2008	{855F3B16-6D32-4fe6-8A56-BBB695989046} Delete
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll Script: Quarantine, Delete, Delete via BC	Toolbar	Crawler Toolbar Browser Object	© Crawler.com	{4B3803EA-5230-4DC3-A7FC-33638F3D3542} Delete
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll Script: Quarantine, Delete, Delete via BC	Toolbar	Google Toolbar	Copyright © 2000-2010	{2318C2B1-4965-11d4-9B18-009027A5CD4F} Delete
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll Script: Quarantine, Delete, Delete via BC	Extension module	Google Toolbar	Copyright © 2000-2010	AutorunsDisabled Delete
C:\Program Files\ICQ7.0\ICQ.exe Script: Quarantine, Delete, Delete via BC	Extension module	ICQ	Copyright (c) 1998-2010 ICQ, LLC.	{88EB38EF-4D2C-436D-ABD3-56B232674062} Delete
	Extension module			{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Delete
	Extension module			{92780B25-18CC-41C8-B9BE-3C9C571A8263} Delete
	Extension module			{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} Delete
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll Script: Quarantine, Delete, Delete via BC	URLSearchHook	ICQToolBar	Copyright 2008	{855F3B16-6D32-4fe6-8A56-BBB695989046} Delete
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll Script: Quarantine, Delete, Delete via BC	URLSearchHook	Crawler Toolbar Browser Object	© Crawler.com	{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Delete
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll Script: Quarantine, Delete, Delete via BC	URLSearchHook	ICQToolBar	Copyright 2008	{855F3B16-6D32-4fe6-8A56-BBB695989046} Delete
Items found - 25, recognized as trusted - 8

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
deskpan.dll Script: Quarantine, Delete, Delete via BC	Rozљншenн panelu Zobrazenн pro panoramatickй zobrazenн			{42071714-76d4-11d1-8b24-00a0c9068ff3} Delete
	Rozљншenн prostшedн pro kompresi souborщ			{764BF0E1-F219-11ce-972D-00AA00A14F56} Delete
	Kontextovб nabнdka љifrovбnн			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Delete
	Hlavnн panel a nabнdka Start			{0DF44EAA-FF21-4412-828E-260A8728E7F1} Delete
rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Script: Quarantine, Delete, Delete via BC	Autoplay for SlideShow			{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Delete
	Uћivatelskй ъиty			{7A9D77BD-5403-11d2-8785-2E0420524153} Delete
C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL Script: Quarantine, Delete, Delete via BC	Microsoft Office Outlook Desktop Icon Handler	Microsoft Shell Extension Library	Copyright © 1995-2003 Microsoft Corporation. Vљechna prбva vyhrazena.	{00020D75-0000-0000-C000-000000000046} Delete
C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL Script: Quarantine, Delete, Delete via BC	Microsoft Office Outlook Custom Icon Handler	Outlook Shell Hook for Start/Find	Copyright © 1995-2003 Microsoft Corporation. Vљechna prбva vyhrazena.	{0006F045-0000-0000-C000-000000000046} Delete
	IE User Assist			{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} Delete
C:\Program Files\NVIDIA Corporation\nView\nvshell.dll Script: Quarantine, Delete, Delete via BC	Desktop Explorer			{1CDB2949-8F65-4355-8456-263E7C208A5D} Delete
C:\Program Files\NVIDIA Corporation\nView\nvshell.dll Script: Quarantine, Delete, Delete via BC	Desktop Explorer Menu			{1E9B04FB-F9E5-4718-997B-B8DA88302A47} Delete
C:\Program Files\NVIDIA Corporation\nView\nvshell.dll Script: Quarantine, Delete, Delete via BC	nView Desktop Context Menu			{1E9B04FB-F9E5-4718-997B-B8DA88302A48} Delete
C:\WINDOWS\system32\nvcpl.dll Script: Quarantine, Delete, Delete via BC	NvCpl DesktopContext Class	NVIDIA Display Properties Extension	(C) NVIDIA Corporation. All rights reserved.	{A70C977A-BF00-412C-90B7-034C51DA2439} Delete
C:\WINDOWS\system32\nvcpl.dll Script: Quarantine, Delete, Delete via BC	Play on my TV helper	NVIDIA Display Properties Extension	(C) NVIDIA Corporation. All rights reserved.	{FFB699E0-306A-11d3-8BD1-00104B6F7516} Delete
C:\Program Files\WinRAR\rarext.dll Script: Quarantine, Delete, Delete via BC	WinRAR shell extension			{B41DB860-8EE4-11D2-9906-E49FADC173CA} Delete
	Windows Search Shell Service			{da67b8ad-e81b-4c70-9b91b417b5e33527} Delete
	RhinoShExt			{C81DCBCA-8AE2-41FC-9C39-78B160393210} Delete
C:\Program Files\iTunes\iTunesMiniPlayer.dll Script: Quarantine, Delete, Delete via BC	iTunes	iTunes Mini Player DLL	© 2003-2010 Apple Inc. All rights reserved.	{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} Delete
	eScanShellExt extension			{66B1FB35-3BDD-45A3-9035-E178E6D8CED9} Delete
C:\Program Files\Alwil Software\Avast5\ashShell.dll Script: Quarantine, Delete, Delete via BC	avast	avast! Shell Extension	Copyright (c) 2010 ALWIL Software	{472083B0-C522-11CF-8763-00608CC02F24} Delete
Items found - 226, recognized as trusted - 206

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
Items found - 10, recognized as trusted - 10

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
Items found - 4, recognized as trusted - 4

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
mdnsNSP		C:\Program Files\Bonjour\mdnsNSP.dll Script: Quarantine, Delete, Delete via BC	Copyright (C) 2003-2010 Apple Inc.	{B600E6E9-553B-4A19-8696-335E5C896153}
Detected - 4, recognized as trusted - 3

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 23, recognized as trusted - 23
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 20728 [1472] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 18471 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 36980 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
1026 LISTENING 0.0.0.0 59513 [1712] c:\windows\system32\alg.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1039 ESTABLISHED 127.0.0.1 1040 [2120] c:\program files\spyware terminator\spywareterminatorupdate.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1040 ESTABLISHED 127.0.0.1 1039 [2120] c:\program files\spyware terminator\spywareterminatorupdate.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1047 ESTABLISHED 127.0.0.1 27015 [2796] c:\program files\itunes\ituneshelper.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1168 CLOSE_WAIT 174.36.159.204 80 [3688] c:\progra~1\alwils~1\avast5\avastui.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1169 CLOSE_WAIT 174.36.159.204 80 [3688] c:\progra~1\alwils~1\avast5\avastui.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3510 ESTABLISHED 127.0.0.1 5354 [3492] c:\program files\safari\safari.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3696 TIME_WAIT 74.125.39.100 80 [0]
3697 TIME_WAIT 173.194.1.39 80 [0]
3714 TIME_WAIT 173.194.1.39 80 [0]
5152 LISTENING 0.0.0.0 162 [284] c:\program files\java\jre6\bin\jqs.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5354 LISTENING 0.0.0.0 6358 [1736] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5354 ESTABLISHED 127.0.0.1 3510 [1736] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
6881 LISTENING 0.0.0.0 104 [2120] c:\program files\spyware terminator\spywareterminatorupdate.exe
Script: Quarantine, Delete, Delete via BC, Terminate
27015 LISTENING 0.0.0.0 35030 [1720] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
Script: Quarantine, Delete, Delete via BC, Terminate
27015 ESTABLISHED 127.0.0.1 1047 [1720] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123 LISTENING -- -- [1528] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
123 LISTENING -- -- [1528] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
1025 LISTENING -- -- [1736] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1035 LISTENING -- -- [2120] c:\program files\spyware terminator\spywareterminatorupdate.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1036 LISTENING -- -- [2120] c:\program files\spyware terminator\spywareterminatorupdate.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1050 LISTENING -- -- [436] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1056 LISTENING -- -- [2244] d:\hry\call of duty modern warfare 2\steam.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1632] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1632] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3511 LISTENING -- -- [3492] c:\program files\safari\safari.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3512 LISTENING -- -- [3492] c:\program files\safari\safari.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- [1736] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
6771 LISTENING -- -- [2120] c:\program files\spyware terminator\spywareterminatorupdate.exe
Script: Quarantine, Delete, Delete via BC, Terminate
6881 LISTENING -- -- [2120] c:\program files\spyware terminator\spywareterminatorupdate.exe
Script: Quarantine, Delete, Delete via BC, Terminate
44301 LISTENING -- -- [340] c:\windows\system32\pnkbstra.exe
Script: Quarantine, Delete, Delete via BC, Terminate
52530 LISTENING -- -- [1736] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
54167 LISTENING -- -- [1736] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
54862 LISTENING -- -- [1736] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
62294 LISTENING -- -- [1736] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
63606 LISTENING -- -- [1736] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
C:\Program Files\Download Manager\DLMControl.dll
Script: Quarantine, Delete, Delete via BC Download Manager IE Control Copyright 2006 IGN Entertainment {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
Delete http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
C:\Program Files\Java\jre6\bin\jp2iexp.dll
Script: Quarantine, Delete, Delete via BC {8AD9C840-044E-11D1-B3E9-00805F499D93}
Delete http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Delete http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
C:\Program Files\Java\jre6\bin\jp2iexp.dll
Script: Quarantine, Delete, Delete via BC {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Delete http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
C:\Program Files\Java\jre6\bin\npjpi160_20.dll
Script: Quarantine, Delete, Delete via BC Classic Java Plug-in 1.6.0_20 for Netscape and Mozilla Copyright © 2004 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Delete http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx
Script: Quarantine, Delete, Delete via BC Adobe Flash Player 10.0 r45 Adobe® Flash® Player. Copyright © 1996-2009 Adobe Systems Incorporated. All Rights Reserved. Protected by U.S. Patent 6,879,327; Patents Pending in the United States and other countries. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries. {D27CDB6E-AE6D-11CF-96B8-444553540000}
Delete http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Items found - 9, recognized as trusted - 3

Control Panel Applets (CPL)

File name Description Manufacturer
C:\WINDOWS\system32\javacpl.cpl
Script: Quarantine, Delete, Delete via BC Java(TM) Control Panel Copyright © 2004
C:\WINDOWS\system32\nvcpl.cpl
Script: Quarantine, Delete, Delete via BC NVIDIA Control Panel Applet 2.7.130.30 (C) NVIDIA Corporation. All rights reserved.
Items found - 27, recognized as trusted - 25

Active Setup

File name Description Manufacturer CLSID
Items found - 15, recognized as trusted - 15

HOSTS file

Hosts file record
127.0.0.1 localhost

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
Script: Quarantine, Delete, Delete via BC Handler Skype for COM API (Skype4COM Pluggable Protocol) (c) Skype Technologies. All rights reserved. {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
Script: Quarantine, Delete, Delete via BC Handler Crawler Toolbar Browser Object (tbr) © Crawler.com {4D25FB7A-8902-4291-960E-9ADA051CFBBF}
Items found - 33, recognized as trusted - 28

Suspicious objects

File Description Type

Attention !!! Database was last updated 21.8.2009 it is necessary to update the database (via File - Database update) AVZ Antiviral Toolkit log; AVZ version is 4.32 Scanning started at 13.6.2010 16:02:00 Database loaded: signatures - 237871, NN profile(s) - 2, malware removal microprograms - 56, signature database released 21.08.2009 14:23 Heuristic microprograms loaded: 374 PVS microprograms loaded: 9 Digital signatures of system files loaded: 135524 Heuristic analyzer mode: Medium heuristics mode Malware removal mode: disabled Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights System Restore: enabled 1. Searching for Rootkits and other software intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Anti-Rootkit error [Failed to set data for 'ImagePath'], step [14] 2. Scanning RAM Number of processes found: 46 Number of modules loaded: 492 Scanning RAM - complete 3. Scanning disks 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) 6. Searching for opened TCP/UDP ports used by malicious software Checking - disabled by user 7. Heuristic system check Checking - complete 8. Searching for vulnerabilities >> Services: potentially dangerous service allowed: RemoteRegistry (Vzd?len? registr) >> Services: potentially dangerous service allowed: TermService (Termin?lov? slu?ba) >> Services: potentially dangerous service allowed: SSDPSRV (Slu?ba rozpozn?v?n? pomoc? protokolu SSDP) >> Services: potentially dangerous service allowed: TlntSvr (Telnet) >> Services: potentially dangerous service allowed: Messenger (Kur?rn? slu?ba) >> Services: potentially dangerous service allowed: Schedule (Pl?nova? ?loh) >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting - Vzd?len? sd?len? plochy) >> Services: potentially dangerous service allowed: RDSessMgr (Spr?vce relac? n?pov?dy ke vzd?len? plo?e) > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)! >> Security: disk drives' autorun is enabled >> Security: administrative shares (C$, D$ ...) are enabled >> Security: anonymous user access is enabled >> Security: sending Remote Assistant queries is enabled Checking - complete 9. Troubleshooting wizard >> HDD autorun is allowed >> Network drives autorun is allowed >> Removable media autorun is allowed Checking - complete Files scanned: 538, extracted from archives: 0, malicious software found 0, suspicions - 0 Scanning finished at 13.6.2010 16:02:27 Time of scanning: 00:00:30 If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference Creating archive of files from Quarantine Creating archive of files from Quarantine - complete System Analysis in progress
Script commands

Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
Remove traces of deleted files
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:
Performance tweaking: disable service RemoteRegistry (Vzdбlenэ registr)
Performance tweaking: disable service TermService (Terminбlovб sluћba)
Performance tweaking: disable service SSDPSRV (Sluћba rozpoznбvбnн pomocн protokolu SSDP)
Performance tweaking: disable service TlntSvr (Telnet)
Performance tweaking: disable service Messenger (Kurэrnн sluћba)
Performance tweaking: disable service Schedule (Plбnovaи ъloh)
Performance tweaking: disable service mnmsrvc (NetMeeting - Vzdбlenй sdнlenн plochy)
Performance tweaking: disable service RDSessMgr (Sprбvce relacн nбpovмdy ke vzdбlenй ploљe)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries
File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	20728	[1472] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
139	LISTENING	0.0.0.0	18471	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	36980	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
1026	LISTENING	0.0.0.0	59513	[1712] c:\windows\system32\alg.exe Script: Quarantine, Delete, Delete via BC, Terminate
1039	ESTABLISHED	127.0.0.1	1040	[2120] c:\program files\spyware terminator\spywareterminatorupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate
1040	ESTABLISHED	127.0.0.1	1039	[2120] c:\program files\spyware terminator\spywareterminatorupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate
1047	ESTABLISHED	127.0.0.1	27015	[2796] c:\program files\itunes\ituneshelper.exe Script: Quarantine, Delete, Delete via BC, Terminate
1168	CLOSE_WAIT	174.36.159.204	80	[3688] c:\progra~1\alwils~1\avast5\avastui.exe Script: Quarantine, Delete, Delete via BC, Terminate
1169	CLOSE_WAIT	174.36.159.204	80	[3688] c:\progra~1\alwils~1\avast5\avastui.exe Script: Quarantine, Delete, Delete via BC, Terminate
3510	ESTABLISHED	127.0.0.1	5354	[3492] c:\program files\safari\safari.exe Script: Quarantine, Delete, Delete via BC, Terminate
3696	TIME_WAIT	74.125.39.100	80	[0]
3697	TIME_WAIT	173.194.1.39	80	[0]
3714	TIME_WAIT	173.194.1.39	80	[0]
5152	LISTENING	0.0.0.0	162	[284] c:\program files\java\jre6\bin\jqs.exe Script: Quarantine, Delete, Delete via BC, Terminate
5354	LISTENING	0.0.0.0	6358	[1736] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
5354	ESTABLISHED	127.0.0.1	3510	[1736] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
6881	LISTENING	0.0.0.0	104	[2120] c:\program files\spyware terminator\spywareterminatorupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate
27015	LISTENING	0.0.0.0	35030	[1720] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate
27015	ESTABLISHED	127.0.0.1	1047	[1720] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123	LISTENING	--	--	[1528] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
123	LISTENING	--	--	[1528] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
1025	LISTENING	--	--	[1736] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
1035	LISTENING	--	--	[2120] c:\program files\spyware terminator\spywareterminatorupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate
1036	LISTENING	--	--	[2120] c:\program files\spyware terminator\spywareterminatorupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate
1050	LISTENING	--	--	[436] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
1056	LISTENING	--	--	[2244] d:\hry\call of duty modern warfare 2\steam.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1632] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1632] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
3511	LISTENING	--	--	[3492] c:\program files\safari\safari.exe Script: Quarantine, Delete, Delete via BC, Terminate
3512	LISTENING	--	--	[3492] c:\program files\safari\safari.exe Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	[1736] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
6771	LISTENING	--	--	[2120] c:\program files\spyware terminator\spywareterminatorupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate
6881	LISTENING	--	--	[2120] c:\program files\spyware terminator\spywareterminatorupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate
44301	LISTENING	--	--	[340] c:\windows\system32\pnkbstra.exe Script: Quarantine, Delete, Delete via BC, Terminate
52530	LISTENING	--	--	[1736] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
54167	LISTENING	--	--	[1736] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
54862	LISTENING	--	--	[1736] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
62294	LISTENING	--	--	[1736] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
63606	LISTENING	--	--	[1736] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate