Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files\adobe\acrobat 9.0\acrobat\acrotray.exe Script: Quarantine, Delete, Delete via BC, Terminate	376	AcroTray	Copyright 1984-2010 Adobe Systems Incorporated and its licensors. All rights reserved.	??	625.43 kb, rsAh, created: 25.10.2009 13:56:30, modified: 22.09.2010 18:11:26 Command line: "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
c:\program files\betclic poker.com\betclic pokercom.exe Script: Quarantine, Delete, Delete via BC, Terminate	1756			??	822.50 kb, rsAh, created: 08.09.2011 17:39:05, modified: 22.10.2011 08:38:27 Command line: "C:\Program Files\BetClic Poker.com\BetClic Pokercom.exe" /wait 1636 /clone
c:\program files\canon\myprinter\bjmyprt.exe Script: Quarantine, Delete, Delete via BC, Terminate	408	Canon My Printer	Copyright 2004-2007 CANON INC. All Rights Reserved.	??	1565.58 kb, rsAh, created: 25.10.2009 16:55:57, modified: 03.04.2007 18:50:00 Command line: "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
c:\program files\ati technologies\ati.ace\cli.exe Script: Quarantine, Delete, Delete via BC, Terminate	2320	CLI Application (Command Line Interface)	2002-2005	??	44.00 kb, rsAh, created: 02.01.2006 17:41:22, modified: 02.01.2006 17:41:22 Command line: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide Dashboard
c:\program files\ati technologies\ati.ace\cli.exe Script: Quarantine, Delete, Delete via BC, Terminate	440	CLI Application (Command Line Interface)	2002-2005	??	44.00 kb, rsAh, created: 02.01.2006 17:41:22, modified: 02.01.2006 17:41:22 Command line: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
c:\program files\ati technologies\ati.ace\cli.exe Script: Quarantine, Delete, Delete via BC, Terminate	2156	CLI Application (Command Line Interface)	2002-2005	??	44.00 kb, rsAh, created: 02.01.2006 17:41:22, modified: 02.01.2006 17:41:22 Command line: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide SystemTray
c:\windows\explorer.exe Script: Quarantine, Delete, Delete via BC, Terminate	1672	Prщzkumnнk Windows	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	1010.00 kb, rsAh, created: 14.04.2008 10:52:24, modified: 14.04.2008 10:52:24 Command line: C:\WINDOWS\Explorer.EXE
c:\program files\java\jre6\bin\jqs.exe Script: Quarantine, Delete, Delete via BC, Terminate	1412	Java(TM) Quick Starter Service	Copyright © 2011	??	149.78 kb, rsAh, created: 23.10.2009 19:09:23, modified: 03.10.2011 05:06:18 Command line: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
c:\program files\the kmplayer\kmplayer.exe Script: Quarantine, Delete, Delete via BC, Terminate	504	The KMPlayer	Copyright Pandora.TV 2009.	??	6749.00 kb, rsAh, created: 03.11.2010 10:05:54, modified: 03.11.2010 10:05:54 Command line: "C:\Program Files\The KMPlayer\KMPlayer.exe" "C:\Documents and Settings\Skot\Dokumenty\Staћenй soubory\velka-vlastenecka-valka-1978-dvdrip-czdub-1-dil.avi"
c:\program files\microsoft office\office12\onenotem.exe Script: Quarantine, Delete, Delete via BC, Terminate	1884	Microsoft Office OneNote Quick Launcher	© 2006 Microsoft Corporation. All rights reserved.	??	95.39 kb, rsAh, created: 26.02.2009 15:24:50, modified: 26.02.2009 15:24:50 Command line: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
c:\windows\system32\pnkbstrb.exe Script: Quarantine, Delete, Delete via BC, Terminate	232			??	185.30 kb, rsAh, created: 24.11.2009 17:16:36, modified: 24.11.2009 17:19:06 Command line: C:\WINDOWS\system32\PnkBstrB.exe
c:\windows\update.tray-2-0-lnk\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	4016	Roman Plan Bass Net Nine Terse	Huey © Macro Rams 1996-2010	??	1170.00 kb, rsaH, created: 27.10.2011 15:11:56, modified: 27.10.2011 14:58:30 Command line: "C:\WINDOWS\update.tray-2-0-lnk\svchost.exe" tray 2-0 1
Detected:40, recognized as trusted 37

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Documents and Settings\Skot\Plocha\ShellExtend.dll Script: Quarantine, Delete, Delete via BC	67502080	PowerTool????	Copyright @ 2010. All rights reserved.	--	1672
C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.cze Script: Quarantine, Delete, Delete via BC	57344000	Adobe Acrobat Context Menu	Copyright 1984-2009 Adobe Systems Incorporated and its licensors. All rights reserved.	--	1672
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.cze Script: Quarantine, Delete, Delete via BC	268435456			--	376
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.HUN Script: Quarantine, Delete, Delete via BC	12648448			--	376
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.POL Script: Quarantine, Delete, Delete via BC	12779520			--	376
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.SKY Script: Quarantine, Delete, Delete via BC	13500416			--	376
c:\program files\ati technologies\ati.ace\cs\cli.component.systemtray.resources.dll Script: Quarantine, Delete, Delete via BC	60489728	SystemTray Component	2002-2004	--	2156
C:\Program Files\BetClic Poker.com\GVBASE.dll Script: Quarantine, Delete, Delete via BC	21037056			--	1756
C:\Program Files\BetClic Poker.com\gvgfx-dib.dll Script: Quarantine, Delete, Delete via BC	22020096			--	1756
C:\Program Files\BetClic Poker.com\gvgfx.dll Script: Quarantine, Delete, Delete via BC	22282240			--	1756
C:\Program Files\BetClic Poker.com\gvmain.dll Script: Quarantine, Delete, Delete via BC	268435456			--	1756
C:\Program Files\BetClic Poker.com\gvnetwork.dll Script: Quarantine, Delete, Delete via BC	21757952			--	1756
C:\Program Files\BetClic Poker.com\gvsound.dll Script: Quarantine, Delete, Delete via BC	23527424			--	1756
C:\Program Files\Canon\MyPrinter\BJMyRes.dll Script: Quarantine, Delete, Delete via BC	268435456	Canon My Printer	Copyright 2004-2007 CANON INC. All Rights Reserved.	--	408
C:\Program Files\Java\jre6\bin\awt.dll Script: Quarantine, Delete, Delete via BC	1828716544	Java(TM) Platform SE binary	Copyright © 2011	--	1412
C:\Program Files\Microsoft Office\Office12\1029\GrooveIntlResource.dll Script: Quarantine, Delete, Delete via BC	58523648	GrooveIntlResource Module	© 2007 Microsoft Corporation. Vљechna prбva vyhrazena.	--	1672
C:\Program Files\Microsoft Office\Office12\1029\ONINTL.DLL Script: Quarantine, Delete, Delete via BC	869269504	Microsoft Office OneNote International Resources	© 2007 Microsoft Corporation. Vљechna prбva vyhrazena.	--	1884
C:\Program Files\The KMPlayer\MediaInfo.Dll Script: Quarantine, Delete, Delete via BC	186777600	Library to read info about media files	LGPL	--	504
c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bac559f2\mscorlib.dll Script: Quarantine, Delete, Delete via BC	2040070144			--	2320, 440, 2156
c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_378a6441\system.drawing.dll Script: Quarantine, Delete, Delete via BC	2068905984			--	2320, 440, 2156
c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5411ebef\system.windows.forms.dll Script: Quarantine, Delete, Delete via BC	2072051712			--	2320, 440, 2156
c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7871e94f\system.xml.dll Script: Quarantine, Delete, Delete via BC	2077622272			--	2320, 440, 2156
c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b1ae4de2\system.dll Script: Quarantine, Delete, Delete via BC	2065498112			--	2320, 440, 2156
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll Script: Quarantine, Delete, Delete via BC	2037776384	Microsoft Common Language Runtime - WorkStation	Copyright © Microsoft Corporation 1998-2002. All rights reserved.	--	2320, 440, 2156, 1412
Modules found:560, recognized as trusted 536

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\System32\Drivers\abwkomsr.SYS Script: Quarantine, Delete, Delete via BC	F732E000	066000 (417792)
C:\WINDOWS\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, Delete via BC	BA518000	018000 (98304)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, Delete via BC	F8A8B000	002000 (8192)
C:\WINDOWS\system32\DRIVERS\eamon.sys Script: Quarantine, Delete, Delete via BC	B8359000	0A7000 (684032)	Amon monitor	Copyright (c) ESET 1992-2010. All rights reserved.
C:\WINDOWS\system32\DRIVERS\epfw.sys Script: Quarantine, Delete, Delete via BC	B830F000	022000 (139264)	ESET Personal Firewall driver	Copyright (c) ESET 1992-2010. All rights reserved.
C:\WINDOWS\system32\DRIVERS\epfwtdi.sys Script: Quarantine, Delete, Delete via BC	BA71B000	012000 (73728)	ESET Personal Firewall TDI filter	Copyright (c) ESET 1992-2010. All rights reserved.
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys Script: Quarantine, Delete, Delete via BC	BA6DB000	018000 (98304)	ESET Antivirus Network Redirector	Copyright (c) ESET 1992-2010. All rights reserved.
C:\Documents and Settings\Skot\Plocha\kEvP.sys Script: Quarantine, Delete, Delete via BC	B6FF7000	026000 (155648)
lfxekk.sys Script: Quarantine, Delete, Delete via BC	F8535000	00E000 (57344)
C:\WINDOWS\system32\Drivers\sptd.sys Script: Quarantine, Delete, Delete via BC	F842C000	0E8000 (950272)
Modules found - 127, recognized as trusted - 117

Services

Service	Description	Status	File	Group	Dependencies
PnkBstrB Service: Stop, Delete, Disable, Delete via BC	PnkBstrB	Running	C:\WINDOWS\system32\PnkBstrB.exe Script: Quarantine, Delete, Delete via BC
EhttpSrv Service: Stop, Delete, Disable, Delete via BC	ESET HTTP Server	Not started	C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe Script: Quarantine, Delete, Delete via BC
ekrn Service: Stop, Delete, Disable, Delete via BC	ESET Service	Not started	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Script: Quarantine, Delete, Delete via BC
McComponentHostService Service: Stop, Delete, Disable, Delete via BC	McAfee Security Scan Component Host Service	Not started	C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe Script: Quarantine, Delete, Delete via BC		RPCSS
WinDefend Service: Stop, Delete, Disable, Delete via BC	Windows Defender	Not started	C:\Program Files\Windows Defender\MsMpEng.exe Script: Quarantine, Delete, Delete via BC	COM Infrastructure	RpcSs
Detected - 99, recognized as trusted - 94

Drivers

Service	Description	Status	File	Group	Dependencies
eamon Driver: Unload, Delete, Disable, Delete via BC	eamon	Running	C:\WINDOWS\system32\DRIVERS\eamon.sys Script: Quarantine, Delete, Delete via BC	FSFilter Anti-Virus
epfw Driver: Unload, Delete, Disable, Delete via BC	epfw	Running	C:\WINDOWS\system32\DRIVERS\epfw.sys Script: Quarantine, Delete, Delete via BC	Streams Drivers
epfwtdi Driver: Unload, Delete, Disable, Delete via BC	epfwtdi	Running	C:\WINDOWS\system32\DRIVERS\epfwtdi.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tcpip
epfwtdir Driver: Unload, Delete, Disable, Delete via BC	epfwtdir	Running	C:\WINDOWS\system32\DRIVERS\epfwtdir.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tcpip
sptd Driver: Unload, Delete, Disable, Delete via BC	sptd	Running	C:\WINDOWS\System32\Drivers\sptd.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
Abiosdsk Driver: Unload, Delete, Disable, Delete via BC	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
abp480n5 Driver: Unload, Delete, Disable, Delete via BC	abp480n5	Not started	abp480n5.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
adpu160m Driver: Unload, Delete, Disable, Delete via BC	adpu160m	Not started	adpu160m.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Aha154x Driver: Unload, Delete, Disable, Delete via BC	Aha154x	Not started	Aha154x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78u2 Driver: Unload, Delete, Disable, Delete via BC	aic78u2	Not started	aic78u2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78xx Driver: Unload, Delete, Disable, Delete via BC	aic78xx	Not started	aic78xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AliIde Driver: Unload, Delete, Disable, Delete via BC	AliIde	Not started	AliIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
amsint Driver: Unload, Delete, Disable, Delete via BC	amsint	Not started	amsint.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc Driver: Unload, Delete, Disable, Delete via BC	asc	Not started	asc.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3350p Driver: Unload, Delete, Disable, Delete via BC	asc3350p	Not started	asc3350p.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3550 Driver: Unload, Delete, Disable, Delete via BC	asc3550	Not started	asc3550.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Atdisk Driver: Unload, Delete, Disable, Delete via BC	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
catchme Driver: Unload, Delete, Disable, Delete via BC	catchme	Not started	C:\ComboFix\catchme.sys Script: Quarantine, Delete, Delete via BC	Base
cd20xrnt Driver: Unload, Delete, Disable, Delete via BC	cd20xrnt	Not started	cd20xrnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Changer Driver: Unload, Delete, Disable, Delete via BC	Changer	Not started	Changer.sys Script: Quarantine, Delete, Delete via BC	Filter
CmdIde Driver: Unload, Delete, Disable, Delete via BC	CmdIde	Not started	CmdIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
Cpqarray Driver: Unload, Delete, Disable, Delete via BC	Cpqarray	Not started	Cpqarray.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dac960nt Driver: Unload, Delete, Disable, Delete via BC	dac960nt	Not started	dac960nt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dpti2o Driver: Unload, Delete, Disable, Delete via BC	dpti2o	Not started	dpti2o.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
hpn Driver: Unload, Delete, Disable, Delete via BC	hpn	Not started	hpn.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
i2omgmt Driver: Unload, Delete, Disable, Delete via BC	i2omgmt	Not started	i2omgmt.sys Script: Quarantine, Delete, Delete via BC	SCSI Class
i2omp Driver: Unload, Delete, Disable, Delete via BC	i2omp	Not started	i2omp.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ini910u Driver: Unload, Delete, Disable, Delete via BC	ini910u	Not started	ini910u.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
lbrtfdc Driver: Unload, Delete, Disable, Delete via BC	lbrtfdc	Not started	lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
mraid35x Driver: Unload, Delete, Disable, Delete via BC	mraid35x	Not started	mraid35x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
PCIDump Driver: Unload, Delete, Disable, Delete via BC	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, Delete via BC	PCI Configuration
PDCOMP Driver: Unload, Delete, Disable, Delete via BC	PDCOMP	Not started	PDCOMP.sys Script: Quarantine, Delete, Delete via BC
PDFRAME Driver: Unload, Delete, Disable, Delete via BC	PDFRAME	Not started	PDFRAME.sys Script: Quarantine, Delete, Delete via BC
PDRELI Driver: Unload, Delete, Disable, Delete via BC	PDRELI	Not started	PDRELI.sys Script: Quarantine, Delete, Delete via BC
PDRFRAME Driver: Unload, Delete, Disable, Delete via BC	PDRFRAME	Not started	PDRFRAME.sys Script: Quarantine, Delete, Delete via BC
perc2 Driver: Unload, Delete, Disable, Delete via BC	perc2	Not started	perc2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
perc2hib Driver: Unload, Delete, Disable, Delete via BC	perc2hib	Not started	perc2hib.sys Script: Quarantine, Delete, Delete via BC	Filter
ql1080 Driver: Unload, Delete, Disable, Delete via BC	ql1080	Not started	ql1080.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Ql10wnt Driver: Unload, Delete, Disable, Delete via BC	Ql10wnt	Not started	Ql10wnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql12160 Driver: Unload, Delete, Disable, Delete via BC	ql12160	Not started	ql12160.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1240 Driver: Unload, Delete, Disable, Delete via BC	ql1240	Not started	ql1240.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1280 Driver: Unload, Delete, Disable, Delete via BC	ql1280	Not started	ql1280.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Simbad Driver: Unload, Delete, Disable, Delete via BC	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, Delete via BC	Filter
Sparrow Driver: Unload, Delete, Disable, Delete via BC	Sparrow	Not started	Sparrow.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_hi Driver: Unload, Delete, Disable, Delete via BC	sym_hi	Not started	sym_hi.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_u3 Driver: Unload, Delete, Disable, Delete via BC	sym_u3	Not started	sym_u3.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc810 Driver: Unload, Delete, Disable, Delete via BC	symc810	Not started	symc810.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc8xx Driver: Unload, Delete, Disable, Delete via BC	symc8xx	Not started	symc8xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
TosIde Driver: Unload, Delete, Disable, Delete via BC	TosIde	Not started	TosIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
TrueSight Driver: Unload, Delete, Disable, Delete via BC	TrueSight	Not started	c:\windows\system32\drivers\TrueSight.sys Script: Quarantine, Delete, Delete via BC
ultra Driver: Unload, Delete, Disable, Delete via BC	ultra	Not started	ultra.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ViaIde Driver: Unload, Delete, Disable, Delete via BC	ViaIde	Not started	ViaIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
WDICA Driver: Unload, Delete, Disable, Delete via BC	WDICA	Not started	WDICA.sys Script: Quarantine, Delete, Delete via BC
Detected - 178, recognized as trusted - 125

Autoruns

File name	Status	Startup method	Description
C:\PROGRA~1\MICROS~2\Office12\1029\MAPIR.DLL Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Outlook, EventMessageFile
C:\Program Files\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Skot\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Skot\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 10.lnk,
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B089FE88-FB52-11D3-BDF1-0050DA34150D} Delete
C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\All Users\Nabнdka Start\Programy\Po spuљtмnн\, C:\Documents and Settings\All Users\Nabнdka Start\Programy\Po spuљtмnн\Update ESET's licence.lnk,
C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\All Users\Nabнdka Start\Programy\Po spuљtмnн\, C:\Documents and Settings\All Users\Nabнdka Start\Programy\Po spuљtмnн\Update ESET's license.lnk,
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\All Users\Nabнdka Start\Programy\Po spuљtмnн\, C:\Documents and Settings\All Users\Nabнdka Start\Programy\Po spuљtмnн\McAfee Security Scan Plus.lnk,
C:\Program Files\Trojan Remover\Trjscan.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, TrojanScanner Delete
C:\Program Files\Windows Defender\MpEvMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinDefendRtp, EventMessageFile
C:\Program Files\Windows Defender\MpEvMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\WINDOWS\System32\Drivers\AliIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide, EventMessageFile
C:\WINDOWS\System32\Drivers\CmdIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide, EventMessageFile
C:\WINDOWS\System32\Drivers\TosIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\toside, EventMessageFile
C:\WINDOWS\System32\Drivers\ViaIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide, EventMessageFile
C:\WINDOWS\System32\Drivers\lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc, EventMessageFile
C:\WINDOWS\System32\igmpv2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
C:\WINDOWS\System32\ipbootp.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
C:\WINDOWS\System32\iprip2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
C:\WINDOWS\System32\ospf.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile
C:\WINDOWS\System32\ospfmib.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile
C:\WINDOWS\System32\polagent.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Internet Explorer 8, EventMessageFile
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack, EventMessageFile
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia, EventMessageFile
C:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wudf01000, EventMessageFile
C:\WINDOWS\System32\tssdis.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile
C:\WINDOWS\system32\KB905474\wgasetup.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WgaSetup, EventMessageFile
C:\WINDOWS\system32\MsSip1.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL Delete
C:\WINDOWS\system32\MsSip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL Delete
C:\WINDOWS\system32\MsSip3.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL Delete
C:\WINDOWS\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\WINDOWS\system32\stisvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile
kbd101.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN Delete
kbd101a.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Control Panel\IOProcs, MVB Delete
services32.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\SafeBoot, AlternateShell
vgafix.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
Autoruns items found - 840, recognized as trusted - 798

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
Items found - 22, recognized as trusted - 21

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	Rozљншenн panelu Zobrazenн pro panoramatickй zobrazenн			{42071714-76d4-11d1-8b24-00a0c9068ff3} Delete
	Rozљншenн prostшedн pro kompresi souborщ			{764BF0E1-F219-11ce-972D-00AA00A14F56} Delete
	Kontextovб nabнdka љifrovбnн			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Delete
	Hlavnн panel a nabнdka Start			{0DF44EAA-FF21-4412-828E-260A8728E7F1} Delete
	Uћivatelskй ъиty			{7A9D77BD-5403-11d2-8785-2E0420524153} Delete
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll Script: Quarantine, Delete, Delete via BC	ESET Smart Security - Context Menu Shell Extension			{B089FE88-FB52-11D3-BDF1-0050DA34150D} Delete
Items found - 218, recognized as trusted - 212

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
Items found - 11, recognized as trusted - 11

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
C:\WINDOWS\system32\KB905474\wgasetup.exe Script: Quarantine, Delete, Delete via BC	WGASetup.job Script: Delete	The task is ready to run at its next scheduled time.	Nastavenн programu Windows Genuine Advantage Notification	© 1995-2008 Microsoft Corporation
Items found - 2, recognized as trusted - 1

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 3, recognized as trusted - 3

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 22725 [1068] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 38942 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 2078 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
1025 LISTENING 0.0.0.0 4259 [440] c:\program files\ati technologies\ati.ace\cli.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1031 LISTENING 0.0.0.0 45209 [2664] c:\windows\system32\alg.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1034 LISTENING 0.0.0.0 8316 [2320] c:\program files\ati technologies\ati.ace\cli.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1036 LISTENING 0.0.0.0 51255 [2156] c:\program files\ati technologies\ati.ace\cli.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1049 ESTABLISHED 127.0.0.1 1050 [1592] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1050 ESTABLISHED 127.0.0.1 1049 [1592] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1051 ESTABLISHED 127.0.0.1 1052 [1592] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1052 ESTABLISHED 127.0.0.1 1051 [1592] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2357 ESTABLISHED 66.212.230.70 443 [1756] c:\program files\betclic poker.com\betclic pokercom.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2425 ESTABLISHED 68.233.253.144 80 [1756] c:\program files\betclic poker.com\betclic pokercom.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2580 ESTABLISHED 95.168.207.114 80 [1592] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2603 CLOSE_WAIT 89.108.66.156 80 [3488] c:\documents and settings\skot\plocha\avz4\avz.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2623 TIME_WAIT 77.75.76.6 80 [0]
5152 LISTENING 0.0.0.0 39150 [1412] c:\program files\java\jre6\bin\jqs.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5152 CLOSE_WAIT 127.0.0.1 2377 [1412] c:\program files\java\jre6\bin\jqs.exe
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123 LISTENING -- -- [1184] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
123 LISTENING -- -- [1184] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
500 LISTENING -- -- [800] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2354 LISTENING -- -- [1756] c:\program files\betclic poker.com\betclic pokercom.exe
Script: Quarantine, Delete, Delete via BC, Terminate
4500 LISTENING -- -- [800] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
44301 LISTENING -- -- [2032] c:\windows\system32\pnkbstra.exe
Script: Quarantine, Delete, Delete via BC, Terminate
45301 LISTENING -- -- [232] c:\windows\system32\pnkbstrb.exe
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 3, recognized as trusted - 3

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 26, recognized as trusted - 26

Active Setup

File name Description Manufacturer CLSID
Items found - 15, recognized as trusted - 15

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
Items found - 28, recognized as trusted - 28

Suspicious objects

File Description Type
C:\WINDOWS\ufa\ufa.exe
Script: Quarantine, Delete, Delete via BC Suspicion by Heuristic analysis HSC: suspicion for File with suspicious name (CH)
C:\WINDOWS\update.tray-15-0\svchost.exe
Script: Quarantine, Delete, Delete via BC Suspicion by Heuristic analysis HSC: suspicion for File with suspicious name (CH)
C:\WINDOWS\update.tray-2-0\svchost.exe
Script: Quarantine, Delete, Delete via BC Suspicion by Heuristic analysis HSC: suspicion for File with suspicious name (CH)
C:\WINDOWS\update.tray-3-0\svchost.exe
Script: Quarantine, Delete, Delete via BC Suspicion by Heuristic analysis HSC: suspicion for File with suspicious name (CH)
C:\Program Files\daemon tools\setupdtsb.exe
Script: Quarantine, Delete, Delete via BC Suspicion by Heuristic analysis HSC: suspicion for File with suspicious name (CH)

AVZ Antiviral Toolkit log; AVZ version is 4.37
Scanning started at 28.10.2011 19:49:40
Database loaded: signatures - 294598, NN profile(s) - 2, malware removal microprograms - 56, signature database released 28.10.2011 04:00
Heuristic microprograms loaded: 388
PVS microprograms loaded: 9
Digital signatures of system files loaded: 302280
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=0832A0)
 Kernel ntoskrnl.exe found in memory at address 804D7000
   SDT = 8055A2A0
   KiST = 804E26B8 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
 Analyzing CPU 1
 Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Driver loaded successfully
\FileSystem\ntfs[IRP_MJ_CREATE] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_CLOSE] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_WRITE] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 823691E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 823691E8 -> hook not defined
 Checking - complete
2. Scanning RAM
 Number of processes found: 39
Extended process analysis: 232 C:\WINDOWS\system32\PnkBstrB.exe
[ES]:Program code includes networking-related functionality
[ES]:Capable of sending mail ?!
[ES]:Application has no visible windows
[ES]:Located in system folder
Extended process analysis: 1756 C:\Program Files\BetClic Poker.com\BetClic Pokercom.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on HTTP ports !
[ES]:Loads RASAPI DLL - may use dialing ?
 Number of modules loaded: 559
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
>>> C:\WINDOWS\ufa\ufa.exe HSC: suspicion for File with suspicious name (CH)
>>> C:\WINDOWS\update.tray-15-0\svchost.exe HSC: suspicion for File with suspicious name (CH)
>>> C:\WINDOWS\update.tray-2-0\svchost.exe HSC: suspicion for File with suspicious name (CH)
>>> C:\WINDOWS\update.tray-3-0\svchost.exe HSC: suspicion for File with suspicious name (CH)
>>> C:\Program Files\daemon tools\setupdtsb.exe HSC: suspicion for File with suspicious name (CH)
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Vzd?len? registr)
>> Services: potentially dangerous service allowed: TermService (Termin?lov? slu?ba)
>> Services: potentially dangerous service allowed: SSDPSRV (Slu?ba rozpozn?v?n? pomoc? protokolu SSDP)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Pl?nova? ?loh)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting - Vzd?len? sd?len? plochy)
>> Services: potentially dangerous service allowed: RDSessMgr (Spr?vce relac? n?pov?dy ke vzd?len? plo?e)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 599, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 28.10.2011 19:53:50
Time of scanning: 00:04:14
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service RemoteRegistry (Vzdбlenэ registr)
Performance tweaking: disable service TermService (Terminбlovб sluћba)
Performance tweaking: disable service SSDPSRV (Sluћba rozpoznбvбnн pomocн protokolu SSDP)
Performance tweaking: disable service TlntSvr (Telnet)
Performance tweaking: disable service Schedule (Plбnovaи ъloh)
Performance tweaking: disable service mnmsrvc (NetMeeting - Vzdбlenй sdнlenн plochy)
Performance tweaking: disable service RDSessMgr (Sprбvce relacн nбpovмdy ke vzdбlenй ploљe)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	22725	[1068] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
139	LISTENING	0.0.0.0	38942	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	2078	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
1025	LISTENING	0.0.0.0	4259	[440] c:\program files\ati technologies\ati.ace\cli.exe Script: Quarantine, Delete, Delete via BC, Terminate
1031	LISTENING	0.0.0.0	45209	[2664] c:\windows\system32\alg.exe Script: Quarantine, Delete, Delete via BC, Terminate
1034	LISTENING	0.0.0.0	8316	[2320] c:\program files\ati technologies\ati.ace\cli.exe Script: Quarantine, Delete, Delete via BC, Terminate
1036	LISTENING	0.0.0.0	51255	[2156] c:\program files\ati technologies\ati.ace\cli.exe Script: Quarantine, Delete, Delete via BC, Terminate
1049	ESTABLISHED	127.0.0.1	1050	[1592] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
1050	ESTABLISHED	127.0.0.1	1049	[1592] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
1051	ESTABLISHED	127.0.0.1	1052	[1592] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
1052	ESTABLISHED	127.0.0.1	1051	[1592] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
2357	ESTABLISHED	66.212.230.70	443	[1756] c:\program files\betclic poker.com\betclic pokercom.exe Script: Quarantine, Delete, Delete via BC, Terminate
2425	ESTABLISHED	68.233.253.144	80	[1756] c:\program files\betclic poker.com\betclic pokercom.exe Script: Quarantine, Delete, Delete via BC, Terminate
2580	ESTABLISHED	95.168.207.114	80	[1592] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
2603	CLOSE_WAIT	89.108.66.156	80	[3488] c:\documents and settings\skot\plocha\avz4\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate
2623	TIME_WAIT	77.75.76.6	80	[0]
5152	LISTENING	0.0.0.0	39150	[1412] c:\program files\java\jre6\bin\jqs.exe Script: Quarantine, Delete, Delete via BC, Terminate
5152	CLOSE_WAIT	127.0.0.1	2377	[1412] c:\program files\java\jre6\bin\jqs.exe Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123	LISTENING	--	--	[1184] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
123	LISTENING	--	--	[1184] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
500	LISTENING	--	--	[800] c:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1336] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1336] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
2354	LISTENING	--	--	[1756] c:\program files\betclic poker.com\betclic pokercom.exe Script: Quarantine, Delete, Delete via BC, Terminate
4500	LISTENING	--	--	[800] c:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate
44301	LISTENING	--	--	[2032] c:\windows\system32\pnkbstra.exe Script: Quarantine, Delete, Delete via BC, Terminate
45301	LISTENING	--	--	[232] c:\windows\system32\pnkbstrb.exe Script: Quarantine, Delete, Delete via BC, Terminate