Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 18/12/2011; 16:18)

List of processes

File name	PID	Description	Copyright	MD5	Information
AESTSr64.exe Script: Quarantine, Delete, BC delete, Terminate	2152			??	error getting file info Command line:
c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate	1612	avast! Service	Copyright (c) 2011 AVAST Software	??	43.72 kb, rsAh, created: 30.11.2011 18:06:20, modified: 28.11.2011 19:01:23 Command line: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
hpCaslNotification.exe Script: Quarantine, Delete, BC delete, Terminate	4968			??	error getting file info Command line:
HPSA_Service.exe Script: Quarantine, Delete, BC delete, Terminate	3412			??	error getting file info Command line:
HPWAMain.exe Script: Quarantine, Delete, BC delete, Terminate	3360			??	error getting file info Command line:
PresentationFontCache.exe Script: Quarantine, Delete, BC delete, Terminate	4888			??	error getting file info Command line:
SmartMenu.exe Script: Quarantine, Delete, BC delete, Terminate	3268			??	error getting file info Command line:
stacsv64.exe Script: Quarantine, Delete, BC delete, Terminate	608			??	error getting file info Command line:
SynTPEnh.exe Script: Quarantine, Delete, BC delete, Terminate	4064			??	error getting file info Command line:
SynTPHelper.exe Script: Quarantine, Delete, BC delete, Terminate	3552			??	error getting file info Command line:
TrustedInstaller.exe Script: Quarantine, Delete, BC delete, Terminate	3092			??	error getting file info Command line:
wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate	3644			??	error getting file info Command line:
Detected:89, recognized as trusted 78

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files\Alwil Software\Avast5\defs\11122200\algo.dll Script: Quarantine, Delete, BC delete	1935671296			--	1612
Modules detected:386, recognized as trusted 385

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, BC delete	7A3C000	013000 (77824)
C:\Windows\System32\Drivers\dump_iaStor.sys Script: Quarantine, Delete, BC delete	4030000	11C000 (1163264)
C:\Windows\System32\Drivers\spoc.sys Script: Quarantine, Delete, BC delete	10BB000	126000 (1204224)
Modules detected - 217, recognized as trusted - 214

Services

Service	Description	Status	File	Group	Dependencies
Detected - 161, recognized as trusted - 161

Drivers

Service	Description	Status	File	Group	Dependencies
sptd Driver: Unload, Delete, Disable, BC delete	sptd	Running	C:\Windows\System32\Drivers\sptd.sys Script: Quarantine, Delete, BC delete	Boot Bus Extender
utmxote2 Driver: Unload, Delete, Disable, BC delete	AVZ Kernel Driver	Not started	C:\Windows\system32\Drivers\utmxote2.sys Script: Quarantine, Delete, BC delete
uzmxote2 Driver: Unload, Delete, Disable, BC delete	AVZ-RK Kernel Driver	Not started	C:\Windows\system32\Drivers\uzmxote2.sys Script: Quarantine, Delete, BC delete	EMS
vdmxote2 Driver: Unload, Delete, Disable, BC delete	AVZ-BC Kernel Driver	Not started	C:\Windows\system32\Drivers\vdmxote2.sys Script: Quarantine, Delete, BC delete	EMS
Detected - 285, recognized as trusted - 281

Autoruns

File name	Status	Startup method	Description
C:\4ae22d2358e8b9a48d4073\DW\DW20.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\Program Files (x86)\Common Files\Steam\SteamService.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Steam Client Service, EventMessageFile
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Majk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Majk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk,
C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Synchronize, EventMessageFile
C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk,
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_USERS, S-1-5-21-1060778574-2734076644-3100013476-1000\Software\Microsoft\Windows\CurrentVersion\Run, msnmsgr Delete
C:\Users\Majk\AppData\Local\Temp\_uninst_27051543.bat Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_27051543.lnk,
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
auditcse.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
rdpclip Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items detected - 642, recognized as trusted - 632

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
C:\Program Files\Java\jre6\bin\jp2ssv.dll Script: Quarantine, Delete, BC delete	BHO			{DBC80044-A445-435b-BC74-9C25C1C588A9} Delete
	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
	Extension module			{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} Delete
Elements detected - 7, recognized as trusted - 4

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	WinRAR shell extension			{B41DB860-8EE4-11D2-9906-E49FADC173CA} Delete
	ColumnHandler			{F9DB5320-233E-11D1-9F84-707F02C10627} Delete
Elements detected - 33, recognized as trusted - 31

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
CNBLM3_3.DLL Script: Quarantine, Delete, BC delete	Monitor	BJ Language Monitor3_3
localspl.dll Script: Quarantine, Delete, BC delete	Monitor	Local Port
FXSMON.DLL Script: Quarantine, Delete, BC delete	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll Script: Quarantine, Delete, BC delete	Monitor	Standard TCP/IP Port
usbmon.dll Script: Quarantine, Delete, BC delete	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, BC delete	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, BC delete	Provider	HTTP Print Services
Elements detected - 8, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 1, recognized as trusted - 1

SPI/LSP settings

Namespace providers (NSP)

Provider	Status	EXE file	Description	GUID
Detected - 7, recognized as trusted - 7

Transport protocol providers (TSP, LSP)

Provider EXE file Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [920] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
554 LISTENING 0.0.0.0 0 [3644] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
2869 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
10000 LISTENING 0.0.0.0 0 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
10243 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
12025 LISTENING 0.0.0.0 0 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 LISTENING 0.0.0.0 0 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 ESTABLISHED 127.0.0.1 49419 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12110 LISTENING 0.0.0.0 0 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12119 LISTENING 0.0.0.0 0 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12143 LISTENING 0.0.0.0 0 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12465 LISTENING 0.0.0.0 0 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12563 LISTENING 0.0.0.0 0 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12993 LISTENING 0.0.0.0 0 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12995 LISTENING 0.0.0.0 0 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
17500 LISTENING 0.0.0.0 0 [1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe
Script: Quarantine, Delete, BC delete, Terminate
19872 ESTABLISHED 127.0.0.1 49380 [1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe
Script: Quarantine, Delete, BC delete, Terminate
48691 LISTENING 0.0.0.0 0 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
48691 TIME_WAIT 24.100.162.84 57808 [0]
48691 TIME_WAIT 46.150.44.85 62002 [0]
48691 TIME_WAIT 50.65.9.142 59456 [0]
48691 TIME_WAIT 69.108.122.221 54446 [0]
48691 TIME_WAIT 71.59.221.109 58634 [0]
48691 ESTABLISHED 71.195.116.146 54242 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
48691 TIME_WAIT 75.142.13.76 54725 [0]
48691 ESTABLISHED 77.234.135.210 38227 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
48691 TIME_WAIT 82.149.8.111 52872 [0]
48691 TIME_WAIT 84.52.132.232 64293 [0]
48691 TIME_WAIT 88.25.56.53 57137 [0]
48691 TIME_WAIT 88.200.70.47 57986 [0]
48691 TIME_WAIT 89.142.229.27 49744 [0]
48691 TIME_WAIT 89.143.44.46 4635 [0]
48691 TIME_WAIT 89.143.135.85 53633 [0]
48691 TIME_WAIT 89.212.43.13 58434 [0]
48691 TIME_WAIT 89.212.222.45 63563 [0]
48691 TIME_WAIT 90.157.166.129 61767 [0]
48691 TIME_WAIT 90.157.166.129 62463 [0]
48691 TIME_WAIT 91.146.172.110 4015 [0]
48691 TIME_WAIT 92.37.95.251 64904 [0]
48691 TIME_WAIT 92.37.121.164 58277 [0]
48691 TIME_WAIT 92.63.23.244 56227 [0]
48691 TIME_WAIT 92.63.23.244 56447 [0]
48691 TIME_WAIT 93.103.76.185 59396 [0]
48691 TIME_WAIT 93.103.93.100 50746 [0]
48691 TIME_WAIT 93.103.94.77 57023 [0]
48691 TIME_WAIT 93.103.105.100 63345 [0]
48691 TIME_WAIT 93.103.153.46 55618 [0]
48691 TIME_WAIT 109.123.24.161 58118 [0]
48691 TIME_WAIT 109.123.24.161 58228 [0]
48691 TIME_WAIT 109.158.83.118 64847 [0]
48691 TIME_WAIT 174.75.114.90 59510 [0]
48691 TIME_WAIT 188.230.145.222 59017 [0]
49152 LISTENING 0.0.0.0 0 [596] wininit.exe
Script: Quarantine, Delete, BC delete, Terminate
49153 LISTENING 0.0.0.0 0 [1016] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49154 LISTENING 0.0.0.0 0 [672] lsass.exe
Script: Quarantine, Delete, BC delete, Terminate
49155 LISTENING 0.0.0.0 0 [524] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49161 LISTENING 0.0.0.0 0 [664] services.exe
Script: Quarantine, Delete, BC delete, Terminate
49162 LISTENING 0.0.0.0 0 [1560] spoolsv.exe
Script: Quarantine, Delete, BC delete, Terminate
49163 LISTENING 0.0.0.0 0 [3036] alg.exe
Script: Quarantine, Delete, BC delete, Terminate
49380 ESTABLISHED 127.0.0.1 19872 [1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe
Script: Quarantine, Delete, BC delete, Terminate
49402 CLOSE_WAIT 199.47.217.173 443 [1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe
Script: Quarantine, Delete, BC delete, Terminate
49419 ESTABLISHED 127.0.0.1 12080 [1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe
Script: Quarantine, Delete, BC delete, Terminate
49420 ESTABLISHED 199.47.218.147 80 [1612] c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50358 FIN_WAIT2 68.225.225.201 51933 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50412 TIME_WAIT 89.143.44.46 40337 [0]
50444 TIME_WAIT 109.123.7.181 48643 [0]
50448 TIME_WAIT 212.235.180.93 53847 [0]
50574 FIN_WAIT2 68.225.225.201 51933 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50588 TIME_WAIT 92.37.121.164 12675 [0]
50599 LAST_ACK 71.226.216.189 42591 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50648 FIN_WAIT2 151.74.12.135 62894 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50662 TIME_WAIT 89.142.23.43 4662 [0]
50678 TIME_WAIT 90.157.169.138 32079 [0]
50689 TIME_WAIT 109.158.83.118 59239 [0]
50700 TIME_WAIT 95.180.76.163 50405 [0]
50728 TIME_WAIT 84.52.132.232 21378 [0]
50736 SYN_SENT 184.6.151.226 62474 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50740 SYN_SENT 93.82.115.28 61165 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50741 SYN_SENT 50.71.87.33 17758 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50742 SYN_SENT 182.239.168.127 45105 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50743 SYN_SENT 174.88.253.37 62402 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50753 SYN_SENT 121.162.45.51 40033 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50754 SYN_SENT 114.30.112.147 45105 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50755 SYN_SENT 75.142.13.76 20280 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50757 SYN_SENT 89.143.124.24 51304 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50761 SYN_SENT 70.57.222.83 37053 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50763 SYN_SENT 80.99.81.161 23229 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50765 SYN_SENT 108.213.153.90 31152 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50766 SYN_SENT 108.88.8.116 34231 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50767 SYN_SENT 99.192.46.157 17889 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50768 SYN_SENT 24.116.93.5 56259 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50769 SYN_SENT 59.177.41.222 62776 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50770 SYN_SENT 24.239.222.48 30614 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50772 TIME_WAIT 109.123.7.181 48643 [0]
50773 SYN_SENT 99.33.234.194 50661 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50774 SYN_SENT 98.176.112.152 36436 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50778 TIME_WAIT 89.212.222.45 51251 [0]
50785 SYN_SENT 81.207.2.135 20631 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50786 SYN_SENT 82.46.224.83 54299 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50788 SYN_SENT 86.24.36.226 47488 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50790 SYN_SENT 89.143.33.186 13939 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50791 SYN_SENT 89.143.11.170 33258 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50792 SYN_SENT 86.61.47.151 4662 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50796 SYN_SENT 81.165.203.4 60958 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50797 SYN_SENT 78.144.138.70 60814 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50802 SYN_SENT 76.29.77.158 47298 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50803 SYN_SENT 76.248.246.79 42908 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50805 SYN_SENT 99.44.62.171 41786 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50806 SYN_SENT 93.103.153.46 10450 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50807 ESTABLISHED 120.140.57.104 8457 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50808 SYN_SENT 68.202.15.85 55670 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
50809 SYN_SENT 86.44.32.186 14543 [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
53 LISTENING -- -- [524] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
68 LISTENING -- -- [1016] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [3124] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [3124] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [4448] c:\program files (x86)\opera\opera.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [4448] c:\program files (x86)\opera\opera.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [3124] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
5004 LISTENING -- -- [3644] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5005 LISTENING -- -- [3644] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5355 LISTENING -- -- [1356] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
6771 LISTENING -- -- [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
17500 LISTENING -- -- [1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe
Script: Quarantine, Delete, BC delete, Terminate
48691 LISTENING -- -- [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
57976 LISTENING -- -- [524] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
57977 LISTENING -- -- [524] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
57990 LISTENING -- -- [524] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
57992 LISTENING -- -- [524] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
58003 LISTENING -- -- [3124] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
58004 LISTENING -- -- [3124] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
58005 LISTENING -- -- [3124] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
58477 LISTENING -- -- [3000] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, BC delete, Terminate
60396 LISTENING -- -- [4448] c:\program files (x86)\opera\opera.exe
Script: Quarantine, Delete, BC delete, Terminate
60397 LISTENING -- -- [4448] c:\program files (x86)\opera\opera.exe
Script: Quarantine, Delete, BC delete, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
{7530BFB8-7293-4D34-9923-61A11451AFC5}
Delete http://download.eset.com/special/eos/OnlineScanner.cab
Elements detected - 1, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
C:\Windows\system32\FlashPlayerCPLApp.cpl
Script: Quarantine, Delete, BC delete Adobe Flash Player Control Panel Applet Copyright © 1996-2010 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Elements detected - 19, recognized as trusted - 18

Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9

HOSTS file

Hosts file record
яю1
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 17, recognized as trusted - 14

Suspicious objects

File Description Type

Main script of analysis
Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
System Restore: enabled
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
 >>  Disable HDD autorun
 >>  Disable autorun from network drives
 >>  Disable CD/DVD autorun
 >>  Disable removable media autorun
 >>  Windows Explorer - show extensions of known file types
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	0	[920] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
139	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
139	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
445	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
554	LISTENING	0.0.0.0	0	[3644] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
2869	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
10000	LISTENING	0.0.0.0	0	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
10243	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
12025	LISTENING	0.0.0.0	0	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
12080	LISTENING	0.0.0.0	0	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
12080	ESTABLISHED	127.0.0.1	49419	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
12110	LISTENING	0.0.0.0	0	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
12119	LISTENING	0.0.0.0	0	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
12143	LISTENING	0.0.0.0	0	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
12465	LISTENING	0.0.0.0	0	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
12563	LISTENING	0.0.0.0	0	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
12993	LISTENING	0.0.0.0	0	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
12995	LISTENING	0.0.0.0	0	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
17500	LISTENING	0.0.0.0	0	[1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe Script: Quarantine, Delete, BC delete, Terminate
19872	ESTABLISHED	127.0.0.1	49380	[1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe Script: Quarantine, Delete, BC delete, Terminate
48691	LISTENING	0.0.0.0	0	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
48691	TIME_WAIT	24.100.162.84	57808	[0]
48691	TIME_WAIT	46.150.44.85	62002	[0]
48691	TIME_WAIT	50.65.9.142	59456	[0]
48691	TIME_WAIT	69.108.122.221	54446	[0]
48691	TIME_WAIT	71.59.221.109	58634	[0]
48691	ESTABLISHED	71.195.116.146	54242	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
48691	TIME_WAIT	75.142.13.76	54725	[0]
48691	ESTABLISHED	77.234.135.210	38227	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
48691	TIME_WAIT	82.149.8.111	52872	[0]
48691	TIME_WAIT	84.52.132.232	64293	[0]
48691	TIME_WAIT	88.25.56.53	57137	[0]
48691	TIME_WAIT	88.200.70.47	57986	[0]
48691	TIME_WAIT	89.142.229.27	49744	[0]
48691	TIME_WAIT	89.143.44.46	4635	[0]
48691	TIME_WAIT	89.143.135.85	53633	[0]
48691	TIME_WAIT	89.212.43.13	58434	[0]
48691	TIME_WAIT	89.212.222.45	63563	[0]
48691	TIME_WAIT	90.157.166.129	61767	[0]
48691	TIME_WAIT	90.157.166.129	62463	[0]
48691	TIME_WAIT	91.146.172.110	4015	[0]
48691	TIME_WAIT	92.37.95.251	64904	[0]
48691	TIME_WAIT	92.37.121.164	58277	[0]
48691	TIME_WAIT	92.63.23.244	56227	[0]
48691	TIME_WAIT	92.63.23.244	56447	[0]
48691	TIME_WAIT	93.103.76.185	59396	[0]
48691	TIME_WAIT	93.103.93.100	50746	[0]
48691	TIME_WAIT	93.103.94.77	57023	[0]
48691	TIME_WAIT	93.103.105.100	63345	[0]
48691	TIME_WAIT	93.103.153.46	55618	[0]
48691	TIME_WAIT	109.123.24.161	58118	[0]
48691	TIME_WAIT	109.123.24.161	58228	[0]
48691	TIME_WAIT	109.158.83.118	64847	[0]
48691	TIME_WAIT	174.75.114.90	59510	[0]
48691	TIME_WAIT	188.230.145.222	59017	[0]
49152	LISTENING	0.0.0.0	0	[596] wininit.exe Script: Quarantine, Delete, BC delete, Terminate
49153	LISTENING	0.0.0.0	0	[1016] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
49154	LISTENING	0.0.0.0	0	[672] lsass.exe Script: Quarantine, Delete, BC delete, Terminate
49155	LISTENING	0.0.0.0	0	[524] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
49161	LISTENING	0.0.0.0	0	[664] services.exe Script: Quarantine, Delete, BC delete, Terminate
49162	LISTENING	0.0.0.0	0	[1560] spoolsv.exe Script: Quarantine, Delete, BC delete, Terminate
49163	LISTENING	0.0.0.0	0	[3036] alg.exe Script: Quarantine, Delete, BC delete, Terminate
49380	ESTABLISHED	127.0.0.1	19872	[1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe Script: Quarantine, Delete, BC delete, Terminate
49402	CLOSE_WAIT	199.47.217.173	443	[1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe Script: Quarantine, Delete, BC delete, Terminate
49419	ESTABLISHED	127.0.0.1	12080	[1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe Script: Quarantine, Delete, BC delete, Terminate
49420	ESTABLISHED	199.47.218.147	80	[1612] c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate
50358	FIN_WAIT2	68.225.225.201	51933	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50412	TIME_WAIT	89.143.44.46	40337	[0]
50444	TIME_WAIT	109.123.7.181	48643	[0]
50448	TIME_WAIT	212.235.180.93	53847	[0]
50574	FIN_WAIT2	68.225.225.201	51933	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50588	TIME_WAIT	92.37.121.164	12675	[0]
50599	LAST_ACK	71.226.216.189	42591	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50648	FIN_WAIT2	151.74.12.135	62894	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50662	TIME_WAIT	89.142.23.43	4662	[0]
50678	TIME_WAIT	90.157.169.138	32079	[0]
50689	TIME_WAIT	109.158.83.118	59239	[0]
50700	TIME_WAIT	95.180.76.163	50405	[0]
50728	TIME_WAIT	84.52.132.232	21378	[0]
50736	SYN_SENT	184.6.151.226	62474	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50740	SYN_SENT	93.82.115.28	61165	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50741	SYN_SENT	50.71.87.33	17758	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50742	SYN_SENT	182.239.168.127	45105	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50743	SYN_SENT	174.88.253.37	62402	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50753	SYN_SENT	121.162.45.51	40033	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50754	SYN_SENT	114.30.112.147	45105	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50755	SYN_SENT	75.142.13.76	20280	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50757	SYN_SENT	89.143.124.24	51304	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50761	SYN_SENT	70.57.222.83	37053	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50763	SYN_SENT	80.99.81.161	23229	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50765	SYN_SENT	108.213.153.90	31152	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50766	SYN_SENT	108.88.8.116	34231	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50767	SYN_SENT	99.192.46.157	17889	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50768	SYN_SENT	24.116.93.5	56259	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50769	SYN_SENT	59.177.41.222	62776	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50770	SYN_SENT	24.239.222.48	30614	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50772	TIME_WAIT	109.123.7.181	48643	[0]
50773	SYN_SENT	99.33.234.194	50661	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50774	SYN_SENT	98.176.112.152	36436	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50778	TIME_WAIT	89.212.222.45	51251	[0]
50785	SYN_SENT	81.207.2.135	20631	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50786	SYN_SENT	82.46.224.83	54299	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50788	SYN_SENT	86.24.36.226	47488	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50790	SYN_SENT	89.143.33.186	13939	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50791	SYN_SENT	89.143.11.170	33258	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50792	SYN_SENT	86.61.47.151	4662	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50796	SYN_SENT	81.165.203.4	60958	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50797	SYN_SENT	78.144.138.70	60814	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50802	SYN_SENT	76.29.77.158	47298	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50803	SYN_SENT	76.248.246.79	42908	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50805	SYN_SENT	99.44.62.171	41786	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50806	SYN_SENT	93.103.153.46	10450	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50807	ESTABLISHED	120.140.57.104	8457	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50808	SYN_SENT	68.202.15.85	55670	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
50809	SYN_SENT	86.44.32.186	14543	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
UDP ports
53	LISTENING	--	--	[524] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
68	LISTENING	--	--	[1016] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[3124] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[3124] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[4448] c:\program files (x86)\opera\opera.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[4448] c:\program files (x86)\opera\opera.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[3124] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
5004	LISTENING	--	--	[3644] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
5005	LISTENING	--	--	[3644] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
5355	LISTENING	--	--	[1356] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
6771	LISTENING	--	--	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
17500	LISTENING	--	--	[1528] c:\users\majk\appdata\roaming\dropbox\bin\dropbox.exe Script: Quarantine, Delete, BC delete, Terminate
48691	LISTENING	--	--	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
57976	LISTENING	--	--	[524] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
57977	LISTENING	--	--	[524] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
57990	LISTENING	--	--	[524] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
57992	LISTENING	--	--	[524] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
58003	LISTENING	--	--	[3124] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
58004	LISTENING	--	--	[3124] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
58005	LISTENING	--	--	[3124] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
58477	LISTENING	--	--	[3000] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, BC delete, Terminate
60396	LISTENING	--	--	[4448] c:\program files (x86)\opera\opera.exe Script: Quarantine, Delete, BC delete, Terminate
60397	LISTENING	--	--	[4448] c:\program files (x86)\opera\opera.exe Script: Quarantine, Delete, BC delete, Terminate