Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
g:\avz4\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	1760	???????????? ??????? AVZ	???????????? ??????? AVZ	??	746.50 kb, rsAh, created: 11.11.2011 16:51:00, modified: 17.10.2011 16:40:24 Command line: "G:\avz4\avz.exe"
e:\program files\clownfish\clownfish.exe Script: Quarantine, Delete, Delete via BC, Terminate	448			??	886.50 kb, rsAh, created: 13.09.2011 14:34:44, modified: 13.09.2011 14:34:44 Command line: "E:\Program Files\Clownfish\Clownfish.exe"
e:\windows\system32\ctfmon.exe Script: Quarantine, Delete, Delete via BC, Terminate	144	CTF Loader	© Microsoft Corporation. All rights reserved.	??	15.00 kb, rsAh, created: 14.04.2008 13:00:00, modified: 14.04.2008 13:00:00 Command line: "E:\WINDOWS\system32\ctfmon.exe"
e:\windows\explorer.exe Script: Quarantine, Delete, Delete via BC, Terminate	1236	Prщzkumnнk Windows	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	1010.00 kb, rsAh, created: 14.04.2008 13:00:00, modified: 14.04.2008 13:00:00 Command line: E:\WINDOWS\Explorer.EXE
e:\program files\microsoft security client\antimalware\msmpeng.exe Script: Quarantine, Delete, Delete via BC, Terminate	3388	Antimalware Service Executable	© Microsoft Corporation. All rights reserved.	??	11.46 kb, rsAh, created: 27.04.2011 15:39:26, modified: 27.04.2011 15:39:26 Command line: "E:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
e:\program files\microsoft security client\msseces.exe Script: Quarantine, Delete, Delete via BC, Terminate	3072	Microsoft Security Client User Interface	© 2010 Microsoft Corporation. All rights reserved.	??	974.53 kb, rsAh, created: 15.06.2011 15:16:48, modified: 15.06.2011 15:16:48 Command line: "E:\Program Files\Microsoft Security Client\msseces.exe" /UpdateAndQuickScan /OpenWebPageOnClose
e:\program files\nero\nero8\nero backitup\nbkeyscan.exe Script: Quarantine, Delete, Delete via BC, Terminate	1428	Nero BackItUp	Copyright (c) 2003-2007 Nero AG and its licensors	??	2169.29 kb, rsAh, created: 18.02.2008 15:29:02, modified: 18.02.2008 15:29:02 Command line: "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
e:\windows\system32\notepad.exe Script: Quarantine, Delete, Delete via BC, Terminate	3576	Poznбmkovэ blok	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	68.00 kb, rsAh, created: 14.04.2008 13:00:00, modified: 14.04.2008 13:00:00 Command line: "E:\WINDOWS\system32\NOTEPAD.EXE" E:\rsit\info.txt
e:\windows\rthdcpl.exe Script: Quarantine, Delete, Delete via BC, Terminate	1456	Realtek HD Audio Control Panel	Copyright (c) 2010 Realtek Semiconductor Corp.	??	19594.60 kb, rsAh, created: 22.10.2011 19:03:27, modified: 14.10.2011 17:58:12 Command line: "E:\WINDOWS\RTHDCPL.EXE"
e:\windows\system32\rundll32.exe Script: Quarantine, Delete, Delete via BC, Terminate	1476	Run a DLL as an App	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	32.50 kb, rsAh, created: 14.04.2008 13:00:00, modified: 14.04.2008 13:00:00 Command line: "E:\WINDOWS\system32\RUNDLL32.EXE" E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
e:\program files\common files\spigot\search settings\searchsettings.exe Script: Quarantine, Delete, Delete via BC, Terminate	1436	Search Settings	Copyright © 2005-2011 Spigot, Inc.	??	873.34 kb, rsAh, created: 27.09.2011 20:34:02, modified: 27.09.2011 20:34:02 Command line: "E:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
e:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate	184	Skype	(c) Skype Technologies S.A.	??	16944.63 kb, RsAh, created: 13.10.2011 09:27:14, modified: 13.10.2011 09:27:14 Command line: "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
e:\program files\steam\steam.exe Script: Quarantine, Delete, Delete via BC, Terminate	272	Steam	© Copyright 2000-2003 Valve Corporation All rights reserved.	??	1213.33 kb, rsAh, created: 16.03.2011 09:47:16, modified: 17.09.2011 15:11:45 Command line: "E:\Program Files\Steam\steam.exe" -silent
e:\windows\system32\wscntfy.exe Script: Quarantine, Delete, Delete via BC, Terminate	2464	Windows Security Center Notification App	© Microsoft Corporation. All rights reserved.	??	13.50 kb, rsAh, created: 14.04.2008 13:00:00, modified: 14.04.2008 13:00:00 Command line: E:\WINDOWS\system32\wscntfy.exe
d:\xfire\xfire.exe Script: Quarantine, Delete, Delete via BC, Terminate	1116	Xfire	Copyright 2004 Xfire Inc.	??	3428.40 kb, rsAh, created: 13.10.2011 21:29:36, modified: 13.10.2011 21:29:36 Command line: "D:\Xfire\Xfire.exe"
Detected:33, recognized as trusted 30

Module name	Handle	Description	Copyright	MD5	Used by processes
D:\WinSCP\DragExt.dll Script: Quarantine, Delete, Delete via BC	62259200	Drag&Drop shell extension for WinSCP (32-bit)	(c) 2000-2011 Martin Prikryl	--	1236, 272
D:\Xfire\icons.dll Script: Quarantine, Delete, Delete via BC	48234496	Xfire Icons	Copyright (C) 2006 Xfire Inc.	--	1116
D:\Xfire\XFIRE_LANG_us.dll Script: Quarantine, Delete, Delete via BC	268435456	Xfire Language DLL	Copyright 2011 Xfire Inc.	--	1116
D:\Xfire\xfire_toucan_44598.dll Script: Quarantine, Delete, Delete via BC	268435456	Xfire Toucan DLL	Copyright 2003 Xfire Inc.	--	1760, 448, 144, 1236, 3072, 1428, 3576, 1456, 1476, 1436, 184, 272, 2464, 1116
E:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll Script: Quarantine, Delete, Delete via BC	1619001344	Popisy aktualizace definic	© Microsoft Corporation. Vљechna prбva vyhrazena.	--	3388
E:\Program Files\SplitMediaLabs\XSplit\avcodec-53.dll Script: Quarantine, Delete, Delete via BC	1709965312			--	184
E:\Program Files\SplitMediaLabs\XSplit\avformat-53.dll Script: Quarantine, Delete, Delete via BC	1789919232			--	184
E:\Program Files\SplitMediaLabs\XSplit\avutil-51.dll Script: Quarantine, Delete, Delete via BC	1756889088			--	184
E:\Program Files\SplitMediaLabs\XSplit\swscale-0.dll Script: Quarantine, Delete, Delete via BC	1836580864			--	184
E:\Program Files\SplitMediaLabs\XSplit\VHMediaCOM.dll Script: Quarantine, Delete, Delete via BC	279379968	VHMediaLib COM implementation	2009-2011 (c) SplitmediaLabs Limited	--	184
E:\Program Files\Steam\bin\chromehtml.dll Script: Quarantine, Delete, Delete via BC	1062207488			--	272
E:\Program Files\Steam\bin\filesystem_steam.dll Script: Quarantine, Delete, Delete via BC	1067450368	FileSystem_Steam.dll (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2005 Valve Corpration	--	272
e:\program files\steam\bin\friendsui.dll Script: Quarantine, Delete, Delete via BC	197197824	Steam Friends UI (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2005 Valve Corporation	--	272
e:\program files\steam\bin\serverbrowser.dll Script: Quarantine, Delete, Delete via BC	199098368	Steam Server Browser Library (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2008 Valve Corporation	--	272
E:\Program Files\Steam\bin\steamservice.dll Script: Quarantine, Delete, Delete via BC	91160576	Steam Client Service Library (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2007	--	272
E:\Program Files\Steam\bin\vgui2_s.dll Script: Quarantine, Delete, Delete via BC	1059061760	vgui2_s.dll (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2007 Valve Corporation	--	272
E:\Program Files\Steam\crashhandler.dll Script: Quarantine, Delete, Delete via BC	268435456	Steam Crash Handler Library (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2010	--	272
E:\Program Files\Steam\Steam.dll Script: Quarantine, Delete, Delete via BC	805306368	Steam Client Engine	© Copyright 2000-2003 Valve Corporation All rights reserved.	--	272
E:\Program Files\Steam\steamclient.dll Script: Quarantine, Delete, Delete via BC	939524096	Steamclient.dll (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2005 Valve Corporation	--	272
E:\Program Files\Steam\SteamUI.dll Script: Quarantine, Delete, Delete via BC	973078528	SteamUI Dynamic Link Library (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2007	--	272
E:\Program Files\Steam\tier0_s.dll Script: Quarantine, Delete, Delete via BC	1056964608	tier0_s Dynamic Link Library (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2007	--	272
E:\Program Files\Steam\vstdlib_s.dll Script: Quarantine, Delete, Delete via BC	1063256064	vstdlib_ s.dll (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)	Copyright (C) 2005 Valve Corporation	--	272
E:\WINDOWS\system32\NVRSCS.DLL Script: Quarantine, Delete, Delete via BC	54460416	NVIDIA Czech language resource library	(C) NVIDIA Corporation. All rights reserved.	--	1236, 1476
Modules found:388, recognized as trusted 365

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
E:\WINDOWS\System32\Drivers\Aavmker4.SYS Script: Quarantine, Delete, Delete via BC	A7054000	006000 (24576)
E:\WINDOWS\System32\Drivers\aswFsBlk.SYS Script: Quarantine, Delete, Delete via BC	AC2EC000	003000 (12288)
E:\WINDOWS\System32\Drivers\aswMon2.SYS Script: Quarantine, Delete, Delete via BC	A3E79000	019000 (102400)
E:\WINDOWS\System32\Drivers\aswRdr.SYS Script: Quarantine, Delete, Delete via BC	B3A93000	007000 (28672)
E:\WINDOWS\System32\Drivers\aswSnx.SYS Script: Quarantine, Delete, Delete via BC	A4A3C000	070000 (458752)
E:\WINDOWS\System32\Drivers\aswSP.SYS Script: Quarantine, Delete, Delete via BC	A98CF000	04D000 (315392)
E:\WINDOWS\System32\Drivers\aswTdi.SYS Script: Quarantine, Delete, Delete via BC	B77A9000	00B000 (45056)
E:\WINDOWS\System32\Drivers\dump_diskdump.sys Script: Quarantine, Delete, Delete via BC	A5712000	004000 (16384)
E:\WINDOWS\System32\Drivers\dump_nvgts.sys Script: Quarantine, Delete, Delete via BC	A4A10000	02C000 (180224)
Modules found - 117, recognized as trusted - 108

Services

Service	Description	Status	File	Group	Dependencies
Adobe LM Service Service: Stop, Delete, Disable, Delete via BC	Adobe LM Service	Not started	E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe Script: Quarantine, Delete, Delete via BC
Detected - 94, recognized as trusted - 93

Drivers

Service	Description	Status	File	Group	Dependencies
Aavmker4 Driver: Unload, Delete, Disable, Delete via BC	avast! Asynchronous Virus Monitor	Running	Aavmker4.sys Script: Quarantine, Delete, Delete via BC
aswFsBlk Driver: Unload, Delete, Disable, Delete via BC	aswFsBlk	Running	aswFsBlk.sys Script: Quarantine, Delete, Delete via BC
aswMon2 Driver: Unload, Delete, Disable, Delete via BC	aswMon2	Running	aswMon2.sys Script: Quarantine, Delete, Delete via BC
aswRdr Driver: Unload, Delete, Disable, Delete via BC	aswRdr	Running	aswRdr.sys Script: Quarantine, Delete, Delete via BC
aswSnx Driver: Unload, Delete, Disable, Delete via BC	aswSnx	Running	aswSnx.sys Script: Quarantine, Delete, Delete via BC
aswSP Driver: Unload, Delete, Disable, Delete via BC	aswSP	Running	aswSP.sys Script: Quarantine, Delete, Delete via BC
aswTdi Driver: Unload, Delete, Disable, Delete via BC	avast! Network Shield Support	Running	aswTdi.sys Script: Quarantine, Delete, Delete via BC
Abiosdsk Driver: Unload, Delete, Disable, Delete via BC	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
abp480n5 Driver: Unload, Delete, Disable, Delete via BC	abp480n5	Not started	abp480n5.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
adpu160m Driver: Unload, Delete, Disable, Delete via BC	adpu160m	Not started	adpu160m.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Aha154x Driver: Unload, Delete, Disable, Delete via BC	Aha154x	Not started	Aha154x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78u2 Driver: Unload, Delete, Disable, Delete via BC	aic78u2	Not started	aic78u2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78xx Driver: Unload, Delete, Disable, Delete via BC	aic78xx	Not started	aic78xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AliIde Driver: Unload, Delete, Disable, Delete via BC	AliIde	Not started	AliIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
amsint Driver: Unload, Delete, Disable, Delete via BC	amsint	Not started	amsint.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc Driver: Unload, Delete, Disable, Delete via BC	asc	Not started	asc.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3350p Driver: Unload, Delete, Disable, Delete via BC	asc3350p	Not started	asc3350p.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3550 Driver: Unload, Delete, Disable, Delete via BC	asc3550	Not started	asc3550.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Atdisk Driver: Unload, Delete, Disable, Delete via BC	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
cd20xrnt Driver: Unload, Delete, Disable, Delete via BC	cd20xrnt	Not started	cd20xrnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Changer Driver: Unload, Delete, Disable, Delete via BC	Changer	Not started	Changer.sys Script: Quarantine, Delete, Delete via BC	Filter
CmdIde Driver: Unload, Delete, Disable, Delete via BC	CmdIde	Not started	CmdIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
Cpqarray Driver: Unload, Delete, Disable, Delete via BC	Cpqarray	Not started	Cpqarray.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dac960nt Driver: Unload, Delete, Disable, Delete via BC	dac960nt	Not started	dac960nt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dpti2o Driver: Unload, Delete, Disable, Delete via BC	dpti2o	Not started	dpti2o.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
hpn Driver: Unload, Delete, Disable, Delete via BC	hpn	Not started	hpn.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
i2omgmt Driver: Unload, Delete, Disable, Delete via BC	i2omgmt	Not started	i2omgmt.sys Script: Quarantine, Delete, Delete via BC	SCSI Class
i2omp Driver: Unload, Delete, Disable, Delete via BC	i2omp	Not started	i2omp.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ini910u Driver: Unload, Delete, Disable, Delete via BC	ini910u	Not started	ini910u.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
IntelIde Driver: Unload, Delete, Disable, Delete via BC	IntelIde	Not started	IntelIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
lbrtfdc Driver: Unload, Delete, Disable, Delete via BC	lbrtfdc	Not started	lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
mraid35x Driver: Unload, Delete, Disable, Delete via BC	mraid35x	Not started	mraid35x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
PCIDump Driver: Unload, Delete, Disable, Delete via BC	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, Delete via BC	PCI Configuration
PDCOMP Driver: Unload, Delete, Disable, Delete via BC	PDCOMP	Not started	PDCOMP.sys Script: Quarantine, Delete, Delete via BC
PDFRAME Driver: Unload, Delete, Disable, Delete via BC	PDFRAME	Not started	PDFRAME.sys Script: Quarantine, Delete, Delete via BC
PDRELI Driver: Unload, Delete, Disable, Delete via BC	PDRELI	Not started	PDRELI.sys Script: Quarantine, Delete, Delete via BC
PDRFRAME Driver: Unload, Delete, Disable, Delete via BC	PDRFRAME	Not started	PDRFRAME.sys Script: Quarantine, Delete, Delete via BC
perc2 Driver: Unload, Delete, Disable, Delete via BC	perc2	Not started	perc2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
perc2hib Driver: Unload, Delete, Disable, Delete via BC	perc2hib	Not started	perc2hib.sys Script: Quarantine, Delete, Delete via BC	Filter
ql1080 Driver: Unload, Delete, Disable, Delete via BC	ql1080	Not started	ql1080.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Ql10wnt Driver: Unload, Delete, Disable, Delete via BC	Ql10wnt	Not started	Ql10wnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql12160 Driver: Unload, Delete, Disable, Delete via BC	ql12160	Not started	ql12160.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1240 Driver: Unload, Delete, Disable, Delete via BC	ql1240	Not started	ql1240.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1280 Driver: Unload, Delete, Disable, Delete via BC	ql1280	Not started	ql1280.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Simbad Driver: Unload, Delete, Disable, Delete via BC	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, Delete via BC	Filter
Sparrow Driver: Unload, Delete, Disable, Delete via BC	Sparrow	Not started	Sparrow.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_hi Driver: Unload, Delete, Disable, Delete via BC	sym_hi	Not started	sym_hi.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_u3 Driver: Unload, Delete, Disable, Delete via BC	sym_u3	Not started	sym_u3.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc810 Driver: Unload, Delete, Disable, Delete via BC	symc810	Not started	symc810.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc8xx Driver: Unload, Delete, Disable, Delete via BC	symc8xx	Not started	symc8xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
TosIde Driver: Unload, Delete, Disable, Delete via BC	TosIde	Not started	TosIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
ultra Driver: Unload, Delete, Disable, Delete via BC	ultra	Not started	ultra.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ViaIde Driver: Unload, Delete, Disable, Delete via BC	ViaIde	Not started	ViaIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
WDICA Driver: Unload, Delete, Disable, Delete via BC	WDICA	Not started	WDICA.sys Script: Quarantine, Delete, Delete via BC
Detected - 175, recognized as trusted - 121

Autoruns

File name	Status	Startup method	Description
C:\Bandicam\bdcam.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	E:\Documents and Settings\Honza\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, E:\Documents and Settings\Honza\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk,
C:\uTorrent\uTorrent.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	E:\Documents and Settings\Honza\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, E:\Documents and Settings\Honza\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk,
D:\Xfire\Xfire.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	E:\Documents and Settings\Honza\Nabнdka Start\Programy\Po spuљtмnн\, E:\Documents and Settings\Honza\Nabнdka Start\Programy\Po spuљtмnн\Xfire.lnk,
D:\Xfire\Xfire.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	E:\Documents and Settings\Honza\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\, E:\Documents and Settings\Honza\Data aplikacн\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk,
E:\Documents and Settings\Honza\Local Settings\Data aplikacн\a12606b9\X Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
E:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\1029\MAPIR.DLL Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Outlook, EventMessageFile
E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00020D75-0000-0000-C000-000000000046} Delete
E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0006F045-0000-0000-C000-000000000046} Delete
E:\Program Files\Clownfish\Clownfish.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Clownfish Delete
E:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SearchSettings Delete
E:\Program Files\Microsoft Security Client\Antimalware\MpEvMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware, EventMessageFile
E:\Program Files\Microsoft Security Client\CS-CZ\MsMpRes.dll.mui Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client, EventMessageFile
E:\Program Files\Steam\bin\SteamService.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Steam Client Service, EventMessageFile
E:\WINDOWS\System32\Drivers\AliIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide, EventMessageFile
E:\WINDOWS\System32\Drivers\CmdIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide, EventMessageFile
E:\WINDOWS\System32\Drivers\IntelIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide, EventMessageFile
E:\WINDOWS\System32\Drivers\TosIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\toside, EventMessageFile
E:\WINDOWS\System32\Drivers\ViaIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide, EventMessageFile
E:\WINDOWS\System32\Drivers\lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc, EventMessageFile
E:\WINDOWS\System32\PrintFilterPipelineSvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile
E:\WINDOWS\System32\appmgmts.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll Delete
E:\WINDOWS\System32\appmgmts.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management, EventMessageFile
E:\WINDOWS\System32\appmgr.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation, EventMessageFile
E:\WINDOWS\System32\fdeploy.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment, EventMessageFile
E:\WINDOWS\System32\fdeploy.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection, EventMessageFile
E:\WINDOWS\System32\igmpv2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
E:\WINDOWS\System32\ipbootp.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
E:\WINDOWS\System32\iprip2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
E:\WINDOWS\System32\ntbackup.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup, EventMessageFile
E:\WINDOWS\System32\ospf.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile
E:\WINDOWS\System32\ospfmib.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile
E:\WINDOWS\System32\polagent.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile
E:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack, EventMessageFile
E:\WINDOWS\System32\spmsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia, EventMessageFile
E:\WINDOWS\System32\tssdis.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile
E:\WINDOWS\system32\IoctlSvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\PLFlash DeviceIoControl Service, EventMessageFile
E:\WINDOWS\system32\MsSip1.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL Delete
E:\WINDOWS\system32\MsSip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL Delete
E:\WINDOWS\system32\MsSip3.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL Delete
E:\WINDOWS\system32\asr_fmt.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands, ASR format utility for volumes Delete
E:\WINDOWS\system32\asr_ldm.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands, ASR utility for Logical Disk Manager Delete
E:\WINDOWS\system32\asr_pfu.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands, ASR protected file utility Delete
E:\WINDOWS\system32\bdmjpeg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.mjpg Delete
E:\WINDOWS\system32\bdmpega.acm Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.bdmpeg Delete
E:\WINDOWS\system32\bdmpegv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.mpeg Delete
E:\WINDOWS\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
E:\WINDOWS\system32\stisvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile
E:\WINDOWS\system32\xfcodec.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, VIDC.XFR1 Delete
appmgmts.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}, DLLName Delete
kbd101.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN Delete
kbd101a.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Control Panel\IOProcs, MVB Delete
vgafix.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
Autoruns items found - 835, recognized as trusted - 778

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
E:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll Script: Quarantine, Delete, Delete via BC	BHO	Widgi Toolbar for Internet Explorer	Copyright © 2005-2011 Spigot, Inc.	{F3FEE66E-E034-436a-86E4-9690573BEE8A} Delete
E:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll Script: Quarantine, Delete, Delete via BC	Toolbar	Widgi Toolbar for Internet Explorer	Copyright © 2005-2011 Spigot, Inc.	{F3FEE66E-E034-436a-86E4-9690573BEE8A} Delete
E:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll Script: Quarantine, Delete, Delete via BC	Extension module	Widgi Toolbar for Internet Explorer	Copyright © 2005-2011 Spigot, Inc.	{92780B25-18CC-41C8-B9BE-3C9C571A8263} Delete
E:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll Script: Quarantine, Delete, Delete via BC	URLSearchHook	Widgi Toolbar for Internet Explorer	Copyright © 2005-2011 Spigot, Inc.	{F3FEE66E-E034-436a-86E4-9690573BEE8A} Delete
Items found - 10, recognized as trusted - 6

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	Rozљншenн panelu Zobrazenн pro panoramatickй zobrazenн			{42071714-76d4-11d1-8b24-00a0c9068ff3} Delete
	Rozљншenн prostшedн pro kompresi souborщ			{764BF0E1-F219-11ce-972D-00AA00A14F56} Delete
	Kontextovб nabнdka љifrovбnн			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Delete
	Hlavnн panel a nabнdka Start			{0DF44EAA-FF21-4412-828E-260A8728E7F1} Delete
	Uћivatelskй ъиty			{7A9D77BD-5403-11d2-8785-2E0420524153} Delete
E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL Script: Quarantine, Delete, Delete via BC	Microsoft Office Outlook Desktop Icon Handler	Microsoft Shell Extension Library	Copyright © 1995-2003 Microsoft Corporation. Vљechna prбva vyhrazena.	{00020D75-0000-0000-C000-000000000046} Delete
E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL Script: Quarantine, Delete, Delete via BC	Microsoft Office Outlook Custom Icon Handler	Outlook Shell Hook for Start/Find	Copyright © 1995-2003 Microsoft Corporation. Vљechna prбva vyhrazena.	{0006F045-0000-0000-C000-000000000046} Delete
Items found - 194, recognized as trusted - 187

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
Items found - 9, recognized as trusted - 9

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
Items found - 1, recognized as trusted - 1

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 3, recognized as trusted - 3

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 13, recognized as trusted - 13
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
445 LISTENING 0.0.0.0 28682 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 3, recognized as trusted - 3

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 27, recognized as trusted - 27

Active Setup

File name Description Manufacturer CLSID
Items found - 13, recognized as trusted - 13

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Items found - 31, recognized as trusted - 28

Suspicious objects

File Description Type
E:\WINDOWS\System32\Drivers\aswSP.SYS
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Kernel-mode hook
D:\Xfire\xfire_toucan_44598.dll
Script: Quarantine, Delete, Delete via BC Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL

AVZ Antiviral Toolkit log; AVZ version is 4.37
Scanning started at 11.11.2011 16:53:09
Database loaded: signatures - 294772, NN profile(s) - 2, malware removal microprograms - 56, signature database released 06.11.2011 21:44
Heuristic microprograms loaded: 388
PVS microprograms loaded: 9
Digital signatures of system files loaded: 304025
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=085700)
 Kernel ntkrnlpa.exe found in memory at address 804D7000
   SDT = 8055C700
   KiST = 80504480 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
 Analyzing CPU 1
 Analyzing CPU 2
 Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Driver loaded successfully
\FileSystem\ntfs[IRP_MJ_CREATE] = A98EE4C4 -> E:\WINDOWS\System32\Drivers\aswSP.SYS
\FileSystem\ntfs[IRP_MJ_CLOSE] = A98EE504 -> E:\WINDOWS\System32\Drivers\aswSP.SYS
\FileSystem\ntfs[IRP_MJ_WRITE] = A98EE5CC -> E:\WINDOWS\System32\Drivers\aswSP.SYS
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = A98EE60C -> E:\WINDOWS\System32\Drivers\aswSP.SYS
 Checking - complete
2. Scanning RAM
 Number of processes found: 32
Extended process analysis: 1436 E:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 448 E:\Program Files\Clownfish\Clownfish.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
 Number of modules loaded: 388
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
D:\Xfire\xfire_toucan_44598.dll --> Suspicion for Keylogger or Trojan DLL
D:\Xfire\xfire_toucan_44598.dll>>> Behaviour analysis 
  1. Reacts to events: keyboard, mouse, all events
D:\Xfire\xfire_toucan_44598.dll>>> Neural net: file is 0.00% like a typical keyboard/mouse events interceptor
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Termin?lov? slu?ba)
>> Services: potentially dangerous service allowed: SSDPSRV (Slu?ba rozpozn?v?n? pomoc? protokolu SSDP)
>> Services: potentially dangerous service allowed: Schedule (Pl?nova? ?loh)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting - Vzd?len? sd?len? plochy)
>> Services: potentially dangerous service allowed: RDSessMgr (Spr?vce relac? n?pov?dy ke vzd?len? plo?e)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 420, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 11.11.2011 16:53:50
Time of scanning: 00:00:43
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Terminбlovб sluћba)
Performance tweaking: disable service SSDPSRV (Sluћba rozpoznбvбnн pomocн protokolu SSDP)
Performance tweaking: disable service Schedule (Plбnovaи ъloh)
Performance tweaking: disable service mnmsrvc (NetMeeting - Vzdбlenй sdнlenн plochy)
Performance tweaking: disable service RDSessMgr (Sprбvce relacн nбpovмdy ke vzdбlenй ploљe)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
445	LISTENING	0.0.0.0	28682	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
445	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate