Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files\avira\antivir desktop\avgnt.exe Script: Quarantine, Delete, Delete via BC, Terminate	880	Avira System Tray Tool	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	??	340.45 kb, rsAh, created: 03.02.2012 20:02:54, modified: 10.05.2012 17:06:40 Command line: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
c:\program files\avira\antivir desktop\avguard.exe Script: Quarantine, Delete, Delete via BC, Terminate	508	Avira On-Access Service	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	??	107.45 kb, rsAh, created: 03.02.2012 20:02:54, modified: 10.05.2012 17:06:40 Command line: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
c:\program files\avira\antivir desktop\avshadow.exe Script: Quarantine, Delete, Delete via BC, Terminate	3296	Avira Shadow Copy Service	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	??	78.45 kb, rsAh, created: 03.02.2012 20:02:54, modified: 10.05.2012 17:06:40 Command line: "C:\Program Files\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_000001fc
c:\program files\ati technologies\ati.ace\core-static\ccc.exe Script: Quarantine, Delete, Delete via BC, Terminate	280	Catalyst Control Centre: Host application	2002-2006	??	48.00 kb, rsAh, created: 18.12.2008 14:19:44, modified: 18.12.2008 14:19:44 Command line: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe" 0
c:\program files\luidia\ebeam device service\ebeamdeviceservicemain.exe Script: Quarantine, Delete, Delete via BC, Terminate	660	eBeam Device Service	Copyright (c) 2000-2007, Luidia, Inc.	??	176.00 kb, rsAh, created: 18.02.2012 12:27:33, modified: 27.01.2010 18:02:42 Command line: "C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe"
c:\program files\luidia\ebeam device service\ebeamdeviceserviceui.exe Script: Quarantine, Delete, Delete via BC, Terminate	776	eBeam Device Service UI	Copyright (c) 2000-2007, Luidia, Inc.	??	1256.00 kb, rsAh, created: 18.02.2012 12:27:33, modified: 27.01.2010 18:03:18 Command line: "C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe"
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	3604	Firefox	©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.	??	892.47 kb, rsAh, created: 05.06.2012 17:39:36, modified: 01.06.2012 17:37:13 Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
c:\xampp\apache\bin\httpd.exe Script: Quarantine, Delete, Delete via BC, Terminate	520	Apache HTTP Server	Copyright 2011 The Apache Software Foundation.	??	18.00 kb, rsAh, created: 09.03.2012 18:42:12, modified: 10.09.2011 11:43:18 Command line: "C:\xampp\apache\bin\httpd.exe" -k runservice
c:\xampp\apache\bin\httpd.exe Script: Quarantine, Delete, Delete via BC, Terminate	3404	Apache HTTP Server	Copyright 2011 The Apache Software Foundation.	??	18.00 kb, rsAh, created: 09.03.2012 18:42:12, modified: 10.09.2011 11:43:18 Command line: C:\xampp\apache\bin\httpd.exe -d C:/xampp/apache
c:\program files\ati technologies\ati.ace\core-static\mom.exe Script: Quarantine, Delete, Delete via BC, Terminate	1368	Catalyst Control Center: Monitoring program	2002-2007	??	48.00 kb, rsAh, created: 18.12.2008 15:32:52, modified: 18.12.2008 15:32:52 Command line: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM"
c:\program files\mozilla firefox\plugin-container.exe Script: Quarantine, Delete, Delete via BC, Terminate	796	Plugin Container for Firefox	License: MPL 1.1/GPL 2.0/LGPL 2.1	??	16.47 kb, rsAh, created: 05.06.2012 17:39:36, modified: 01.06.2012 17:37:48 Command line: "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=3604.62b62f0.1453173559 "C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll" - -greomni "C:\Program Files\Mozilla Firefox\omni.ja" 3604 "\\.\pipe\gecko-crash-server-pipe.3604" plugin
c:\program files\avira\antivir desktop\sched.exe Script: Quarantine, Delete, Delete via BC, Terminate	268	Avira Scheduler	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	??	84.20 kb, rsAh, created: 03.02.2012 20:02:57, modified: 10.05.2012 17:06:41 Command line: "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
c:\windows\system32\spoolsv.exe Script: Quarantine, Delete, Delete via BC, Terminate	2044	Spooler SubSystem App	© Microsoft Corporation. All rights reserved.	??	57.50 kb, rsAh, created: 16.04.2003 14:00:00, modified: 17.08.2010 15:17:06 Command line: C:\WINDOWS\system32\spoolsv.exe
Detected:39, recognized as trusted 32

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files\Avira\AntiVir Desktop\aecore.dll Script: Quarantine, Delete, Delete via BC	20316160	Avira Engine Module for Windows	Copyright © 2012 Avira Operations GmbH & Co. KG. All rights reserved.	--	508
C:\Program Files\Avira\AntiVir Desktop\aeexp.dll Script: Quarantine, Delete, Delete via BC	32243712	Avira Engine Module for Windows	Copyright © 2012 Avira Operations GmbH & Co. KG. All rights reserved.	--	508
C:\Program Files\Avira\AntiVir Desktop\aeheur.dll Script: Quarantine, Delete, Delete via BC	26411008	Avira Engine Module for Windows	Copyright © 2012 Avira Operations GmbH & Co. KG. All rights reserved.	--	508
C:\Program Files\Avira\AntiVir Desktop\aepack.dll Script: Quarantine, Delete, Delete via BC	25165824	Avira Engine Module for Windows	Copyright © 2012 Avira Operations GmbH & Co. KG. All rights reserved.	--	508
C:\Program Files\Avira\AntiVir Desktop\aesbx.dll Script: Quarantine, Delete, Delete via BC	23724032	Avira Engine Module for Windows	Copyright © 2012 Avira Operations GmbH & Co. KG. All rights reserved.	--	508
C:\Program Files\Avira\AntiVir Desktop\aescript.dll Script: Quarantine, Delete, Delete via BC	22937600	Avira Engine Module for Windows	Copyright © 2012 Avira Operations GmbH & Co. KG. All rights reserved.	--	508
C:\Program Files\Avira\AntiVir Desktop\aevdf.dll Script: Quarantine, Delete, Delete via BC	20643840	Avira Engine Module for Windows	Copyright © 2012 Avira Operations GmbH & Co. KG. All rights reserved.	--	508
c:\program files\avira\antivir desktop\avesvc.dll Script: Quarantine, Delete, Delete via BC	33161216	Avira Engine Service Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
c:\program files\avira\antivir desktop\avesvcr.dll Script: Quarantine, Delete, Delete via BC	33423360	Avira Engine Service Library Resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll Script: Quarantine, Delete, Delete via BC	10682368	Avira Event Logger	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508, 268
C:\Program Files\Avira\AntiVir Desktop\AVGIO.DLL Script: Quarantine, Delete, Delete via BC	18939904	Avira On-Access Scan Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
C:\Program Files\Avira\AntiVir Desktop\avipc.dll Script: Quarantine, Delete, Delete via BC	18219008	Avira IPC Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880, 508, 3296
c:\program files\avira\antivir desktop\avpref.dll Script: Quarantine, Delete, Delete via BC	20185088	Avira Prefix Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
c:\program files\avira\antivir desktop\ccgen.dll Script: Quarantine, Delete, Delete via BC	19136512	Avira CC General plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccgenrc.dll Script: Quarantine, Delete, Delete via BC	19988480	Avira CC General plugin resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccgrdrc.dll Script: Quarantine, Delete, Delete via BC	14942208	Avira CC Guard plugin resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccgrdw.dll Script: Quarantine, Delete, Delete via BC	15007744	Avira CC Guard Worker plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccguard.dll Script: Quarantine, Delete, Delete via BC	14352384	Avira CC Guard plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\cclic.dll Script: Quarantine, Delete, Delete via BC	20578304	Avira CC License Status plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\cclicrc.dll Script: Quarantine, Delete, Delete via BC	20840448	Avira CC License Status plugin resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccmainrc.dll Script: Quarantine, Delete, Delete via BC	30539776	Avira Control Center resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccmsg.dll Script: Quarantine, Delete, Delete via BC	20905984	Avira CC Message plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccmsgrc.dll Script: Quarantine, Delete, Delete via BC	21299200	Avira CC Message plugin resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccupdate.dll Script: Quarantine, Delete, Delete via BC	20054016	Avira CC Updater Status plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccupdrc.dll Script: Quarantine, Delete, Delete via BC	20512768	Avira CC Updater plugin resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll Script: Quarantine, Delete, Delete via BC	31719424	Avira CC Updater Worker plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\ccwgrd.dll Script: Quarantine, Delete, Delete via BC	18350080	Avira CC WebGuard plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll Script: Quarantine, Delete, Delete via BC	268435456	Avira CC Common Worker Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
c:\program files\avira\antivir desktop\cfglib.dll Script: Quarantine, Delete, Delete via BC	13828096	Avira Configuration Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880, 508, 268
c:\program files\avira\antivir desktop\gpavgio.dll Script: Quarantine, Delete, Delete via BC	15007744	Avira Host Service AVGIO plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
c:\program files\avira\antivir desktop\gpgen.dll Script: Quarantine, Delete, Delete via BC	11010048	Avira Host Service General	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508, 268
c:\program files\avira\antivir desktop\gpgenrep.dll Script: Quarantine, Delete, Delete via BC	15925248	Avira Host Service Generic Repair	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
c:\program files\avira\antivir desktop\gpgrd.dll Script: Quarantine, Delete, Delete via BC	14548992	Avira Host Service On-Access plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
c:\program files\avira\antivir desktop\gpgui.dll Script: Quarantine, Delete, Delete via BC	15335424	Avira Host Service Gui plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
c:\program files\avira\antivir desktop\gpipc.dll Script: Quarantine, Delete, Delete via BC	17891328	Avira Host Service Ipc plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880, 508, 268
c:\program files\avira\antivir desktop\gplegacy.dll Script: Quarantine, Delete, Delete via BC	15532032	Avira Host Service Legacy plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
c:\program files\avira\antivir desktop\gpschd.dll Script: Quarantine, Delete, Delete via BC	14876672	Avira Host Service Scheduler Plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	268
C:\Program Files\Avira\AntiVir Desktop\grdcore.dll Script: Quarantine, Delete, Delete via BC	17432576	Avira Host Framework Core Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880, 508, 268
C:\Program Files\Avira\AntiVir Desktop\guardmsg.dll Script: Quarantine, Delete, Delete via BC	15794176	Avira On-Access Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
c:\program files\avira\antivir desktop\onlcfg.dll Script: Quarantine, Delete, Delete via BC	16121856	Avira Online Configuration plugin	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
C:\Program Files\Avira\AntiVir Desktop\rcimage.dll Script: Quarantine, Delete, Delete via BC	25755648	Avira Resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	880
C:\Program Files\Avira\AntiVir Desktop\schedr.dll Script: Quarantine, Delete, Delete via BC	16973824	Avira Scheduler resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	268
C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll Script: Quarantine, Delete, Delete via BC	17301504	SQLite 3 Database Library		--	508, 268
c:\program files\avira\antivir desktop\webcat.dll Script: Quarantine, Delete, Delete via BC	36569088	Avira Web Categorization Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
C:\Program Files\Avira\AntiVir Desktop\webcatrc.dll Script: Quarantine, Delete, Delete via BC	38207488	Avira Web Categorization resources	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	--	508
C:\Program Files\Luidia\eBeam Device Service\eBeamCalibrationUI.dll Script: Quarantine, Delete, Delete via BC	4390912	eBeam Interactive Calibration	Copyright (c) 2000-2007, Luidia, Inc.	--	660, 776
C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceUI_1029.dll Script: Quarantine, Delete, Delete via BC	19660800	eBeam Device Service UI	Copyright (c) 2000-2007, Luidia, Inc.	--	776
C:\Program Files\Luidia\eBeam Device Service\eBeamSys.dll Script: Quarantine, Delete, Delete via BC	3735552	eBeamSys.dll	Copyright (c) 2000-2006, Luidia, Inc.	--	660, 776
C:\Program Files\Luidia\eBeam Device Service\WBApi.dll Script: Quarantine, Delete, Delete via BC	268435456	WBApi.dll	Copyright (c) 2000-2006, Luidia, Inc.	--	660
C:\Program Files\Mozilla Firefox\components\browsercomps.dll Script: Quarantine, Delete, Delete via BC	59572224		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3604
C:\Program Files\Mozilla Firefox\freebl3.dll Script: Quarantine, Delete, Delete via BC	89391104	NSS freebl Library		--	3604
C:\Program Files\Mozilla Firefox\gkmedias.dll Script: Quarantine, Delete, Delete via BC	74514432		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3604
C:\Program Files\Mozilla Firefox\mozalloc.dll Script: Quarantine, Delete, Delete via BC	18350080		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3604, 796
C:\Program Files\Mozilla Firefox\mozglue.dll Script: Quarantine, Delete, Delete via BC	10289152		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3604, 796
C:\Program Files\Mozilla Firefox\mozjs.dll Script: Quarantine, Delete, Delete via BC	26214400			--	3604, 796
C:\Program Files\Mozilla Firefox\mozsqlite3.dll Script: Quarantine, Delete, Delete via BC	21561344	SQLite Database Library		--	3604, 796
C:\Program Files\Mozilla Firefox\nspr4.dll Script: Quarantine, Delete, Delete via BC	268435456	NSPR Library		--	3604, 796
C:\Program Files\Mozilla Firefox\nss3.dll Script: Quarantine, Delete, Delete via BC	25231360	NSS Base Library		--	3604, 796
C:\Program Files\Mozilla Firefox\nssckbi.dll Script: Quarantine, Delete, Delete via BC	89718784	NSS Builtin Trusted Root CAs		--	3604
C:\Program Files\Mozilla Firefox\nssdbm3.dll Script: Quarantine, Delete, Delete via BC	68026368	Legacy Database Driver		--	3604
C:\Program Files\Mozilla Firefox\nssutil3.dll Script: Quarantine, Delete, Delete via BC	9633792	NSS Utility Library		--	3604, 796
C:\Program Files\Mozilla Firefox\plc4.dll Script: Quarantine, Delete, Delete via BC	14417920	PLC Library		--	3604, 796
C:\Program Files\Mozilla Firefox\plds4.dll Script: Quarantine, Delete, Delete via BC	16187392	PLDS Library		--	3604, 796
C:\Program Files\Mozilla Firefox\smime3.dll Script: Quarantine, Delete, Delete via BC	26083328	NSS S/MIME Library		--	3604, 796
C:\Program Files\Mozilla Firefox\softokn3.dll Script: Quarantine, Delete, Delete via BC	23986176	NSS PKCS #11 Library		--	3604
C:\Program Files\Mozilla Firefox\ssl3.dll Script: Quarantine, Delete, Delete via BC	25886720	NSS SSL Library		--	3604, 796
C:\Program Files\Mozilla Firefox\xpcom.dll Script: Quarantine, Delete, Delete via BC	44498944		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3604
C:\Program Files\Mozilla Firefox\xul.dll Script: Quarantine, Delete, Delete via BC	28377088		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3604, 796
C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll Script: Quarantine, Delete, Delete via BC	61210624	Knihovna tшнd modulu Microsoft CLR	© Microsoft Corporation. Vљechna prбva vyhrazena.	--	280, 1368
C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll Script: Quarantine, Delete, Delete via BC	65404928	.NET Framework	© Microsoft Corporation. Vљechna prбva vyhrazena.	--	1368
C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_cs_b77a5c561934e089\System.Runtime.Remoting.resources.dll Script: Quarantine, Delete, Delete via BC	87883776	Microsoft .NET Runtime Object Remoting	© Microsoft Corporation. All rights reserved.	--	280, 1368
C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll Script: Quarantine, Delete, Delete via BC	62259200	.NET Framework	© Microsoft Corporation. Vљechna prбva vyhrazena.	--	280
C:\WINDOWS\system32\BIIMGUser.dll Script: Quarantine, Delete, Delete via BC	268435456	BiImgUser	Copyright © 2007 Black Ice Software, Inc.	--	2044
C:\WINDOWS\system32\BuEMonNT.dll Script: Quarantine, Delete, Delete via BC	14286848	Port Monitor Dll for Printer Drivers	Copyright © 2008 Black Ice Software, Inc.	--	2044
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BuEProNT.dll Script: Quarantine, Delete, Delete via BC	14942208	Print Processor Dll for Printer Drivers	Copyright © 2008 Black Ice Software, Inc.	--	2044
C:\xampp\apache\bin\libapr-1.dll Script: Quarantine, Delete, Delete via BC	1860960256	Apache Portable Runtime Library	Copyright (c) 2011 The Apache Software Foundation or its licensors, as applicable.	--	520, 3404
C:\xampp\apache\bin\libapriconv-1.dll Script: Quarantine, Delete, Delete via BC	1860501504	Apache Portable Runtime Library	Copyright 2000-2005 The Apache Software Foundation or its licensors, as applicable.	--	520, 3404
C:\xampp\apache\bin\libaprutil-1.dll Script: Quarantine, Delete, Delete via BC	1860567040	Apache Portable Runtime Utility Library	Copyright (c) 2011 The Apache Software Foundation or its licensors, as applicable.	--	520, 3404
C:\xampp\apache\bin\LIBEAY32.dll Script: Quarantine, Delete, Delete via BC	268435456	OpenSSL Shared Library	Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	--	520, 3404
C:\xampp\apache\bin\libhttpd.dll Script: Quarantine, Delete, Delete via BC	1877999616	Apache HTTP Server Core	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\bin\SSLEAY32.dll Script: Quarantine, Delete, Delete via BC	10092544	OpenSSL Shared Library	Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	--	520, 3404
C:\xampp\apache\modules\mod_actions.so Script: Quarantine, Delete, Delete via BC	1875771392	actions_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_alias.so Script: Quarantine, Delete, Delete via BC	1875705856	alias_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_asis.so Script: Quarantine, Delete, Delete via BC	1875640320	asis_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_auth_basic.so Script: Quarantine, Delete, Delete via BC	1877934080	auth_basic_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_auth_digest.so Script: Quarantine, Delete, Delete via BC	1877803008	auth_digest_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_authn_default.so Script: Quarantine, Delete, Delete via BC	1874132992	authn_default_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_authn_file.so Script: Quarantine, Delete, Delete via BC	1874067456	authn_file_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_authz_default.so Script: Quarantine, Delete, Delete via BC	1873936384	authz_default_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_authz_groupfile.so Script: Quarantine, Delete, Delete via BC	1873870848	authz_groupfile_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_authz_host.so Script: Quarantine, Delete, Delete via BC	1873805312	authz_host_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_authz_user.so Script: Quarantine, Delete, Delete via BC	1873739776	authz_user_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_autoindex.so Script: Quarantine, Delete, Delete via BC	1875509248	autoindex_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_cgi.so Script: Quarantine, Delete, Delete via BC	1875443712	cgi_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_dav.so Script: Quarantine, Delete, Delete via BC	1876688896	dav_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_dav_lock.so Script: Quarantine, Delete, Delete via BC	1872297984	dav_lock_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_dir.so Script: Quarantine, Delete, Delete via BC	1875378176	dir_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_env.so Script: Quarantine, Delete, Delete via BC	1875312640	env_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_headers.so Script: Quarantine, Delete, Delete via BC	1877606400	headers_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_include.so Script: Quarantine, Delete, Delete via BC	1875181568	include_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_info.so Script: Quarantine, Delete, Delete via BC	1877540864	info_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_isapi.so Script: Quarantine, Delete, Delete via BC	1875116032	isapi_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_log_config.so Script: Quarantine, Delete, Delete via BC	1875050496	log_config_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_mime.so Script: Quarantine, Delete, Delete via BC	1874984960	mime_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_negotiation.so Script: Quarantine, Delete, Delete via BC	1874919424	negotiation_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_proxy.so Script: Quarantine, Delete, Delete via BC	1872756736	proxy_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_proxy_ajp.so Script: Quarantine, Delete, Delete via BC	1873412096	proxy_ajp_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_rewrite.so Script: Quarantine, Delete, Delete via BC	1877409792	rewrite_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_setenvif.so Script: Quarantine, Delete, Delete via BC	1874853888	setenvif_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_ssl.so Script: Quarantine, Delete, Delete via BC	1875902464	proxy_ssl_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\apache\modules\mod_status.so Script: Quarantine, Delete, Delete via BC	1877278720	status_module for Apache	Copyright 2011 The Apache Software Foundation.	--	520, 3404
C:\xampp\php\ext\php_bz2.dll Script: Quarantine, Delete, Delete via BC	14352384	Bzip2	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_exif.dll Script: Quarantine, Delete, Delete via BC	23658496	EXIF	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_gd2.dll Script: Quarantine, Delete, Delete via BC	60030976	GD imaging	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_gettext.dll Script: Quarantine, Delete, Delete via BC	23855104	GetText	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_imap.dll Script: Quarantine, Delete, Delete via BC	31653888	IMAP	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_mbstring.dll Script: Quarantine, Delete, Delete via BC	57933824	Multibyte String Functions	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_mysql.dll Script: Quarantine, Delete, Delete via BC	24576000	MySQL	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_mysqli.dll Script: Quarantine, Delete, Delete via BC	26804224	MySQLi	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_pdo_mysql.dll Script: Quarantine, Delete, Delete via BC	27000832	MySQL driver for PDO	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_pdo_odbc.dll Script: Quarantine, Delete, Delete via BC	27131904	ODBC driver for PDO	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_pdo_sqlite.dll Script: Quarantine, Delete, Delete via BC	61145088	SQLite 3.x driver for PDO	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_soap.dll Script: Quarantine, Delete, Delete via BC	61734912	SOAP	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_sockets.dll Script: Quarantine, Delete, Delete via BC	27394048	Sockets	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_sqlite.dll Script: Quarantine, Delete, Delete via BC	62062592	SQLite	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_sqlite3.dll Script: Quarantine, Delete, Delete via BC	62324736	SQLite3	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\ext\php_xmlrpc.dll Script: Quarantine, Delete, Delete via BC	62980096	xmlrpc	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\php5apache2_2.dll Script: Quarantine, Delete, Delete via BC	11599872	Apache 2.0 Handler	Copyright © 1997-2010 The PHP Group	--	520, 3404
C:\xampp\php\php5ts.dll Script: Quarantine, Delete, Delete via BC	14614528	PHP Script Interpreter	Copyright © 1997-2010 The PHP Group	--	520, 3404
Modules found:636, recognized as trusted 507

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, Delete via BC	B0359000	018000 (98304)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, Delete via BC	F79C7000	002000 (8192)
C:\WINDOWS\system32\drivers\SbFw.sys Script: Quarantine, Delete, Delete via BC	B059C000	050000 (327680)	Sunbelt Personal Firewall driver	Copyright © 2002-2010 Sunbelt Software, Inc. All rights reserved.
C:\WINDOWS\system32\drivers\sbtis.sys Script: Quarantine, Delete, Delete via BC	B0569000	033000 (208896)	Sunbelt TDI Inspection System	Copyright © 2002-2010 Sunbelt Software, Inc. All rights reserved.
Modules found - 116, recognized as trusted - 112

Services

Service	Description	Status	File	Group	Dependencies
Apache2.2 Service: Stop, Delete, Disable, Delete via BC	Apache2.2	Running	C:\xampp\apache\bin\httpd.exe Script: Quarantine, Delete, Delete via BC		Tcpip
eBeam Device Service Service: Stop, Delete, Disable, Delete via BC	eBeam Device Service	Running	C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe Script: Quarantine, Delete, Delete via BC
Detected - 103, recognized as trusted - 101

Drivers

Service	Description	Status	File	Group	Dependencies
SbFw Driver: Unload, Delete, Disable, Delete via BC	SbFw	Running	C:\WINDOWS\system32\drivers\SbFw.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	tcpip
SbTis Driver: Unload, Delete, Disable, Delete via BC	SbTis	Running	C:\WINDOWS\system32\drivers\sbtis.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	tcpip
Abiosdsk Driver: Unload, Delete, Disable, Delete via BC	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
abp480n5 Driver: Unload, Delete, Disable, Delete via BC	abp480n5	Not started	abp480n5.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
adpu160m Driver: Unload, Delete, Disable, Delete via BC	adpu160m	Not started	adpu160m.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Aha154x Driver: Unload, Delete, Disable, Delete via BC	Aha154x	Not started	Aha154x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78u2 Driver: Unload, Delete, Disable, Delete via BC	aic78u2	Not started	aic78u2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78xx Driver: Unload, Delete, Disable, Delete via BC	aic78xx	Not started	aic78xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AliIde Driver: Unload, Delete, Disable, Delete via BC	AliIde	Not started	AliIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
amsint Driver: Unload, Delete, Disable, Delete via BC	amsint	Not started	amsint.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc Driver: Unload, Delete, Disable, Delete via BC	asc	Not started	asc.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3350p Driver: Unload, Delete, Disable, Delete via BC	asc3350p	Not started	asc3350p.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3550 Driver: Unload, Delete, Disable, Delete via BC	asc3550	Not started	asc3550.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Atdisk Driver: Unload, Delete, Disable, Delete via BC	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
cd20xrnt Driver: Unload, Delete, Disable, Delete via BC	cd20xrnt	Not started	cd20xrnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Changer Driver: Unload, Delete, Disable, Delete via BC	Changer	Not started	Changer.sys Script: Quarantine, Delete, Delete via BC	Filter
CmdIde Driver: Unload, Delete, Disable, Delete via BC	CmdIde	Not started	CmdIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
Cpqarray Driver: Unload, Delete, Disable, Delete via BC	Cpqarray	Not started	Cpqarray.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dac960nt Driver: Unload, Delete, Disable, Delete via BC	dac960nt	Not started	dac960nt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dpti2o Driver: Unload, Delete, Disable, Delete via BC	dpti2o	Not started	dpti2o.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
hpn Driver: Unload, Delete, Disable, Delete via BC	hpn	Not started	hpn.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
i2omgmt Driver: Unload, Delete, Disable, Delete via BC	i2omgmt	Not started	i2omgmt.sys Script: Quarantine, Delete, Delete via BC	SCSI Class
i2omp Driver: Unload, Delete, Disable, Delete via BC	i2omp	Not started	i2omp.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ini910u Driver: Unload, Delete, Disable, Delete via BC	ini910u	Not started	ini910u.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
IntelIde Driver: Unload, Delete, Disable, Delete via BC	IntelIde	Not started	IntelIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
lbrtfdc Driver: Unload, Delete, Disable, Delete via BC	lbrtfdc	Not started	lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
mraid35x Driver: Unload, Delete, Disable, Delete via BC	mraid35x	Not started	mraid35x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
PCIDump Driver: Unload, Delete, Disable, Delete via BC	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, Delete via BC	PCI Configuration
PDCOMP Driver: Unload, Delete, Disable, Delete via BC	PDCOMP	Not started	PDCOMP.sys Script: Quarantine, Delete, Delete via BC
PDFRAME Driver: Unload, Delete, Disable, Delete via BC	PDFRAME	Not started	PDFRAME.sys Script: Quarantine, Delete, Delete via BC
PDRELI Driver: Unload, Delete, Disable, Delete via BC	PDRELI	Not started	PDRELI.sys Script: Quarantine, Delete, Delete via BC
PDRFRAME Driver: Unload, Delete, Disable, Delete via BC	PDRFRAME	Not started	PDRFRAME.sys Script: Quarantine, Delete, Delete via BC
perc2 Driver: Unload, Delete, Disable, Delete via BC	perc2	Not started	perc2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
perc2hib Driver: Unload, Delete, Disable, Delete via BC	perc2hib	Not started	perc2hib.sys Script: Quarantine, Delete, Delete via BC	Filter
ql1080 Driver: Unload, Delete, Disable, Delete via BC	ql1080	Not started	ql1080.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Ql10wnt Driver: Unload, Delete, Disable, Delete via BC	Ql10wnt	Not started	Ql10wnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql12160 Driver: Unload, Delete, Disable, Delete via BC	ql12160	Not started	ql12160.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1240 Driver: Unload, Delete, Disable, Delete via BC	ql1240	Not started	ql1240.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1280 Driver: Unload, Delete, Disable, Delete via BC	ql1280	Not started	ql1280.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
SBRE Driver: Unload, Delete, Disable, Delete via BC	SBRE	Not started	C:\WINDOWS\system32\drivers\SBREdrv.sys Script: Quarantine, Delete, Delete via BC	Base
Simbad Driver: Unload, Delete, Disable, Delete via BC	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, Delete via BC	Filter
Sparrow Driver: Unload, Delete, Disable, Delete via BC	Sparrow	Not started	Sparrow.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_hi Driver: Unload, Delete, Disable, Delete via BC	sym_hi	Not started	sym_hi.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_u3 Driver: Unload, Delete, Disable, Delete via BC	sym_u3	Not started	sym_u3.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc810 Driver: Unload, Delete, Disable, Delete via BC	symc810	Not started	symc810.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc8xx Driver: Unload, Delete, Disable, Delete via BC	symc8xx	Not started	symc8xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
TosIde Driver: Unload, Delete, Disable, Delete via BC	TosIde	Not started	TosIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
ultra Driver: Unload, Delete, Disable, Delete via BC	ultra	Not started	ultra.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ViaIde Driver: Unload, Delete, Disable, Delete via BC	ViaIde	Not started	ViaIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
WDICA Driver: Unload, Delete, Disable, Delete via BC	WDICA	Not started	WDICA.sys Script: Quarantine, Delete, Delete via BC
Detected - 176, recognized as trusted - 126

Autoruns

File name	Status	Startup method	Description
C:\PROGRA~1\FilZip\fzshext.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B28C18DB-6816-4F31-9630-397683E3C2C3} Delete
C:\Program Files\Avira\AntiVir Desktop\shlext.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {45AC2688-0253-4ED8-97DE-B5370FA7D48A} Delete
C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceCPL.cpl Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, eBeam Delete
C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\eBeam Device Service, EventMessageFile
C:\Program Files\Luidia\eBeam Interact\eBeamInteractive.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Martin\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Martin\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\eBeam Interact.lnk,
C:\Program Files\Mozilla Firefox\firefox.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Martin\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Martin\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk,
C:\WINDOWS\System32\Drivers\AliIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide, EventMessageFile
C:\WINDOWS\System32\Drivers\CmdIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide, EventMessageFile
C:\WINDOWS\System32\Drivers\IntelIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide, EventMessageFile
C:\WINDOWS\System32\Drivers\TosIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\toside, EventMessageFile
C:\WINDOWS\System32\Drivers\ViaIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide, EventMessageFile
C:\WINDOWS\System32\Drivers\lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc, EventMessageFile
C:\WINDOWS\System32\PrintFilterPipelineSvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile
C:\WINDOWS\System32\appmgmts.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll Delete
C:\WINDOWS\System32\appmgmts.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management, EventMessageFile
C:\WINDOWS\System32\appmgr.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation, EventMessageFile
C:\WINDOWS\System32\fdeploy.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment, EventMessageFile
C:\WINDOWS\System32\fdeploy.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection, EventMessageFile
C:\WINDOWS\System32\hidserv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HidServ\Parameters, ServiceDll Delete
C:\WINDOWS\System32\igmpv2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
C:\WINDOWS\System32\ipbootp.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
C:\WINDOWS\System32\iprip2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
C:\WINDOWS\System32\ntbackup.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup, EventMessageFile
C:\WINDOWS\System32\ospf.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile
C:\WINDOWS\System32\ospfmib.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile
C:\WINDOWS\System32\polagent.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile
C:\WINDOWS\System32\tssdis.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile
C:\WINDOWS\system32\MsSip1.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL Delete
C:\WINDOWS\system32\MsSip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL Delete
C:\WINDOWS\system32\MsSip3.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL Delete
C:\WINDOWS\system32\asr_fmt.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands, ASR format utility for volumes Delete
C:\WINDOWS\system32\asr_ldm.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands, ASR utility for Logical Disk Manager Delete
C:\WINDOWS\system32\asr_pfu.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands, ASR protected file utility Delete
C:\WINDOWS\system32\icardres.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\WINDOWS\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\WINDOWS\system32\stisvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile
SDEvents.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2, EventMessageFile
appmgmts.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}, DLLName Delete
c:\64de8c77c0897b7377669ba6c2\DW\DW20.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\aspnet_rc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 2.0.50727.0, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 3.0.0.0, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ServiceModel Audit 3.0.0.0, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IdentityModel 3.0.0.0, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IO.Log 3.0.0.0, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.Runtime.Serialization 3.0.0.0, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.ServiceModel 3.0.0.0, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0, EventMessageFile
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SMSvcHost 3.0.0.0, EventMessageFile
c:\WINDOWS\system32\icardres.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 3.0.0.0, EventMessageFile
kbd101.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN Delete
kbd101a.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Control Panel\IOProcs, MVB Delete
vgafix.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
Autoruns items found - 857, recognized as trusted - 797

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
	Explorer Bar			{32683183-48a0-441b-a342-7c2a440a9478} Delete
Items found - 7, recognized as trusted - 6

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	Rozљншenн panelu Zobrazenн pro panoramatickй zobrazenн			{42071714-76d4-11d1-8b24-00a0c9068ff3} Delete
	Rozљншenн prostшedн pro kompresi souborщ			{764BF0E1-F219-11ce-972D-00AA00A14F56} Delete
	Kontextovб nabнdka љifrovбnн			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Delete
	Hlavnн panel a nabнdka Start			{0DF44EAA-FF21-4412-828E-260A8728E7F1} Delete
	Media Band			{32683183-48a0-441b-a342-7c2a440a9478} Delete
	Uћivatelskй ъиty			{7A9D77BD-5403-11d2-8785-2E0420524153} Delete
	IE User Assist			{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} Delete
C:\Program Files\Avira\AntiVir Desktop\shlext.dll Script: Quarantine, Delete, Delete via BC	Shell Extension for Malware scanning	Avira Shell Extension Library	© 2000 - 2011 Avira Operations GmbH & Co. KG and its Licensors	{45AC2688-0253-4ED8-97DE-B5370FA7D48A} Delete
	Windows Search Shell Service			{da67b8ad-e81b-4c70-9b91b417b5e33527} Delete
C:\PROGRA~1\FilZip\fzshext.dll Script: Quarantine, Delete, Delete via BC	FilZip Shell Extension	Filzip context menu extension	(c) 1997-2001 by Philipp Engel	{B28C18DB-6816-4F31-9630-397683E3C2C3} Delete
	OpenOffice.org Column Handler			{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} Delete
	OpenOffice.org Infotip Handler			{087B3AE3-E237-4467-B8DB-5A38AB959AC9} Delete
	OpenOffice.org Property Sheet Handler			{63542C48-9552-494A-84F7-73AA6A7C99C1} Delete
	OpenOffice.org Thumbnail Viewer			{3B092F0C-7696-40E3-A80F-68D74DA84210} Delete
	ColumnHandler			{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} Delete
Items found - 218, recognized as trusted - 203

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
C:\WINDOWS\system32\BuEMonNT.dll Script: Quarantine, Delete, Delete via BC	Monitor	eBeam Printer Monitor	Port Monitor Dll for Printer Drivers	Copyright © 2008 Black Ice Software, Inc.
Items found - 9, recognized as trusted - 8

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe Script: Quarantine, Delete, Delete via BC	Ad-Aware Antivirus Scheduled Scan.job Script: Delete	The task has not yet run.
Items found - 5, recognized as trusted - 4

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 3, recognized as trusted - 3

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
80 LISTENING 0.0.0.0 30793 [520] c:\xampp\apache\bin\httpd.exe
Script: Quarantine, Delete, Delete via BC, Terminate
135 LISTENING 0.0.0.0 47314 [1320] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 16468 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
443 LISTENING 0.0.0.0 55546 [520] c:\xampp\apache\bin\httpd.exe
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 57559 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
1026 LISTENING 0.0.0.0 2192 [3864] c:\windows\system32\alg.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1610 ESTABLISHED 127.0.0.1 1611 [3604] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1611 ESTABLISHED 127.0.0.1 1610 [3604] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2207 LAST_ACK 50.57.204.250 80 [920] c:\documents and settings\all users\data aplikacн\ad-aware browsing protection\adawarebp.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2208 CLOSE_WAIT 89.108.67.190 80 [4020] c:\documents and settings\martin\plocha\avz4\avz.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2209 CLOSE_WAIT 50.57.204.250 80 [920] c:\documents and settings\all users\data aplikacн\ad-aware browsing protection\adawarebp.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3306 LISTENING 0.0.0.0 38974 [1548] c:\xampp\mysql\bin\mysqld.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5152 LISTENING 0.0.0.0 32822 [1104] c:\program files\java\jre7\bin\jqs.exe
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123 LISTENING -- -- [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
123 LISTENING -- -- [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
500 LISTENING -- -- [1048] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1612] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1612] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
4500 LISTENING -- -- [1048] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 4, recognized as trusted - 4

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 28, recognized as trusted - 28

Active Setup

File name Description Manufacturer CLSID
Items found - 14, recognized as trusted - 14

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Items found - 29, recognized as trusted - 26

Suspicious objects

File Description Type

AVZ Antiviral Toolkit log; AVZ version is 4.39
Scanning started at 05.06.2012 19:30:37
Database loaded: signatures - 297616, NN profile(s) - 2, malware removal microprograms - 56, signature database released 05.06.2012 16:00
Heuristic microprograms loaded: 399
PVS microprograms loaded: 9
Digital signatures of system files loaded: 413054
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=083320)
 Kernel ntoskrnl.exe found in memory at address 804D7000
   SDT = 8055A320
   KiST = 804E26B8 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
 Analyzing CPU 1
 Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Driver loaded successfully
 Checking - complete
2. Scanning RAM
 Number of processes found: 39
Extended process analysis: 520 C:\xampp\apache\bin\httpd.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
Extended process analysis: 660 C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 3296 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
[ES]:Application has no visible windows
Extended process analysis: 3404 C:\xampp\apache\bin\httpd.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 3604 C:\Program Files\Mozilla Firefox\firefox.exe
[ES]:Program code includes networking-related functionality
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 796 C:\Program Files\Mozilla Firefox\plugin-container.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
 Number of modules loaded: 639
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Termin?lov? slu?ba)
>> Services: potentially dangerous service allowed: SSDPSRV (Slu?ba rozpozn?v?n? pomoc? protokolu SSDP)
>> Services: potentially dangerous service allowed: Schedule (Pl?nova? ?loh)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting - Vzd?len? sd?len? plochy)
>> Services: potentially dangerous service allowed: RDSessMgr (Spr?vce relac? n?pov?dy ke vzd?len? plo?e)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 678, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 05.06.2012 19:32:08
Time of scanning: 00:01:33
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Terminбlovб sluћba)
Performance tweaking: disable service SSDPSRV (Sluћba rozpoznбvбnн pomocн protokolu SSDP)
Performance tweaking: disable service Schedule (Plбnovaи ъloh)
Performance tweaking: disable service mnmsrvc (NetMeeting - Vzdбlenй sdнlenн plochy)
Performance tweaking: disable service RDSessMgr (Sprбvce relacн nбpovмdy ke vzdбlenй ploљe)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
80	LISTENING	0.0.0.0	30793	[520] c:\xampp\apache\bin\httpd.exe Script: Quarantine, Delete, Delete via BC, Terminate
135	LISTENING	0.0.0.0	47314	[1320] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
139	LISTENING	0.0.0.0	16468	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
443	LISTENING	0.0.0.0	55546	[520] c:\xampp\apache\bin\httpd.exe Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	57559	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
1026	LISTENING	0.0.0.0	2192	[3864] c:\windows\system32\alg.exe Script: Quarantine, Delete, Delete via BC, Terminate
1610	ESTABLISHED	127.0.0.1	1611	[3604] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
1611	ESTABLISHED	127.0.0.1	1610	[3604] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
2207	LAST_ACK	50.57.204.250	80	[920] c:\documents and settings\all users\data aplikacн\ad-aware browsing protection\adawarebp.exe Script: Quarantine, Delete, Delete via BC, Terminate
2208	CLOSE_WAIT	89.108.67.190	80	[4020] c:\documents and settings\martin\plocha\avz4\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate
2209	CLOSE_WAIT	50.57.204.250	80	[920] c:\documents and settings\all users\data aplikacн\ad-aware browsing protection\adawarebp.exe Script: Quarantine, Delete, Delete via BC, Terminate
3306	LISTENING	0.0.0.0	38974	[1548] c:\xampp\mysql\bin\mysqld.exe Script: Quarantine, Delete, Delete via BC, Terminate
5152	LISTENING	0.0.0.0	32822	[1104] c:\program files\java\jre7\bin\jqs.exe Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123	LISTENING	--	--	[1444] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
123	LISTENING	--	--	[1444] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
500	LISTENING	--	--	[1048] c:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1612] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1612] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
4500	LISTENING	--	--	[1048] c:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate