Virus - katastrofa Vyřešeno

[tanuli]

Dobrý den,
pravděpodobně jsem dostala do počítače šílený virus s kterým si nevím rady. V první řadě mi vypnul antivir, odpojil od sítě, nepustí mě obnovit systém, nepustí mě nainstalovat žádný antivir ani vytvořit log. Opravdu jsem bezradná a nevím co dělat. Prosím o pomoc. Děkuji. Tanuli

[Reklama]

[TheSkeleton]

to už je učiněný ďábel, takže vpodstatě nemůžeš nic dělat.... nejjednoduší by bylo reinstal OS, ale počkej si na příspěvky zkušennějších

[Argoneus]

zkus udělat log z HijackThis v nouzovém režimu.

[tanuli]

zkus udělat log z HijackThis v nouzovém režimu.

Bohužel mě to nepustí ani do nouzového režimu. Hodí mi to chybu, kterou si ani nestačím přečíst a znovu se to restartuje.

[AlbiDC.]

Já bych to viděl na přendání hardisku do jiného počítače, zálohu důležitých dat a projetí antivirem. Kdyby ten antivir nepomohl tak formát, reinstal a následnou koupi nějakého kvalitního antiviru, třeba NOD32 a instalaci rezidentního Spybotu Search and Destroy .. link zde: http://www.safer-networking.org/en/home/index.html

ještě mě napadlo zkusit nabootovat z CD-ROM instalačky Windowsů a dát opravu systému (někde se tam mačká R), ale je možný, že to udělá maglajs, to bych zkusil ještě před tím reinstalem.. kdy není co ztratit

[tanuli]

Mám podezření na jeden soubor. Při kontrole disku mi vypadla hláška, že problém může dělat soubor srosa.sys.
Nemáte nějaké nápady. Děkuji.

[jaro3]

můžeš ho najít a smazat.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[tanuli]

Zkusila jsem COmboFix a vyjelo mi toto:

ComboFix 08-12-31.01 - Administrator 2009-01-01 11:46:33.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.478.248 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\TermVir.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Data aplikací\drivers\downld
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27805612.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27807384.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27807414.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27812832.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27867531.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27868582.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27868883.exe
c:\documents and settings\Administrator\Data aplikací\drivers\srosa.sys
c:\documents and settings\Administrator\Data aplikací\drivers\srosa2.sys
c:\documents and settings\Administrator\Data aplikací\drivers\winupgro.exe
c:\program files\Messenger\msmsgs.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Soubory vytvořené od 2008-12-01 do 2009-01-01 )))))))))))))))))))))))))))))))
.

2008-12-13 12:32 . 2008-12-13 12:32 49 --a------ c:\windows\NeroDigital.ini
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:27 . 2008-12-13 12:27 <DIR> d-------- c:\program files\Ahead
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\program files\Software602
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\program files\Common Files\soft602
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-06-23 10:56 3,756,032 --a------ c:\windows\system32\cdintf300.dll
2008-12-13 12:10 . 2007-07-30 14:36 1,843,200 --a------ c:\windows\system32\acXMLParser.dll
2008-12-13 12:10 . 2006-11-04 15:14 1,245,696 --a------ c:\windows\system32\msxml4.dll
2008-12-13 12:10 . 2003-04-18 16:29 82,432 --a------ c:\windows\system32\msxml4r.dll
2008-12-13 12:10 . 2003-04-18 16:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2008-12-13 12:10 . 2003-05-12 12:04 402 --a------ c:\windows\system32\msxml4.inf
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:56 . 2008-12-13 11:56 <DIR> d-------- c:\program files\Free Download Manager
2008-12-13 11:56 . 2008-12-13 11:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FreeDownloadManager.ORG
2008-12-13 11:49 . 2008-12-13 11:49 <DIR> d-------- C:\hijackthis
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\program files\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:44 . 2008-12-13 11:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\avg8
2008-12-13 11:42 . 2008-12-13 11:42 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 10:41 90,112 ----a-w c:\windows\DUMP3e31.tmp
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-30 16:28 --------- d-----w c:\program files\EA SPORTS
2008-11-23 21:11 --------- d-----w c:\program files\ICQ6Toolbar
2008-11-23 21:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\program files\ICQ6.5
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 20:50 --------- d-----w c:\program files\Java
2008-11-23 20:50 --------- d-----w c:\program files\Common Files\Java
2008-11-23 20:45 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:35 --------- d-----w c:\program files\Zoner
2008-11-23 16:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-23 16:11 --------- d-----w c:\program files\Google
2008-11-23 16:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-23 16:08 --------- d-----w c:\program files\NOS
2008-11-23 16:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\NOS
2008-11-19 11:41 --------- d-----w c:\program files\Codec Pack - All In 1
2008-11-19 11:40 737,280 ----a-w c:\windows\iun6002.exe
2008-11-19 11:36 --------- d-----w c:\program files\totalcmd
2008-11-19 10:25 --------- d-----w c:\program files\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:21 --------- d-----w c:\program files\Real
2008-11-19 10:21 --------- d-----w c:\program files\Common Files\xing shared
2008-11-19 10:21 --------- d-----w c:\program files\Common Files\Real
2008-11-19 10:19 --------- d-----w c:\program files\Mv2Player
2008-11-19 10:15 --------- d-----w c:\program files\7-Zip
2008-11-19 10:13 --------- d-----w c:\program files\Microsoft Works
2008-11-19 10:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-19 10:12 --------- d-----w c:\program files\Alwil Software
2008-11-18 16:22 --------- d-----w c:\program files\microsoft frontpage
2008-11-18 16:21 --------- d-----w c:\program files\Broadcom
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 16:19 --------- d-----w c:\program files\SP31763
2008-11-18 16:19 --------- d-----w c:\program files\InterVideo
2008-11-18 16:19 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-07 15:45 2,174,976 ----a-w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-23 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-11-18 184320]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-23 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2007-08-02 69120]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 11:45:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~
a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~
a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*r*NULL*o*NULL*h*NULL*l*NULL*í*NULL*~
e*NULL*

*NULL*u*NULL*d*NULL*á*NULL*l*NULL*o*NULL*s*NULL*t*NULL*í*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o
]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o
*NULL*p*NULL*r*NULL*o*NULL* *NULL*d*NULL*o*NULL*m*NULL*é*NULL*n*NULL*y*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~
a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~
a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*r*NULL*o*NULL*h*NULL*l*NULL*í*NULL*~
e*NULL*

*NULL*u*NULL*d*NULL*á*NULL*l*NULL*o*NULL*s*NULL*t*NULL*í*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o
]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o
*NULL*p*NULL*r*NULL*o*NULL* *NULL*d*NULL*o*NULL*m*NULL*é*NULL*n*NULL*y*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~
a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~
a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*r*NULL*o*NULL*h*NULL*l*NULL*í*NULL*~
e*NULL*

*NULL*u*NULL*d*NULL*á*NULL*l*NULL*o*NULL*s*NULL*t*NULL*í*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o
]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o
*NULL*p*NULL*r*NULL*o*NULL* *NULL*d*NULL*o*NULL*m*NULL*é*NULL*n*NULL*y*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~
a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~
a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Y
i*NULL*d*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Y
í*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\Administrator\Software\Microsoft\Internet Explorer\MenuExt\S*NULL*t*NULL*á*NULL*h*NULL*n*NULL*o*NULL*u*NULL*t*NULL* *NULL*v*NULL*a
e*NULL* *NULL*F*NULL*r*NULL*e*NULL*e*NULL* *NULL*D*NULL*o*NULL*w*NULL*n*NULL*l*NULL*o*NULL*a*NULL*d*NULL* *NULL*M*NULL*a*NULL*n*NULL*a*NULL*g*NULL*e*NULL*r*NULL*e*NULL*m*NULL*]
@Security="Inherited"
@="file://c:\\Program Files\\Free Download Manager\\dlall.htm"
"Contexts"=dword:00000033
"Free Download Manager"=dword:00000001

[HKEY_USERS\Administrator\Software\Microsoft\PCHealth\Global\WindowPlacement\1*NULL*0*NULL*2*NULL*4*NULL*_*NULL*7*NULL*6*NULL*8*NULL*_*NULL*C*NULL*e*NULL*n*NULL*t*NULL*r*NULL*u*NULL*m*NULL* *NULL*p*NULL*r*NULL*o*NULL* *NULL*n*NULL*á*NULL*p*NULL*o*NULL*v*NULL*
d*NULL*u*NULL* *NULL*a*NULL* *NULL*o*NULL*d*NULL*b*NULL*o*NULL*r*NULL*n*NULL*o*NULL*u*NULL* *NULL*p*NULL*o*NULL*m*NULL*o*NULL*c*NULL*]
@Security="Inherited"
"Maximized"=dword:00000000
"Rect"=hex:16,00,00,00,2c,00,00,00,16,03,00,00,b6,02,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1085031214-1993962763-1957994488-500\Data\220d5cc1-853a-11d0-84bc-00c04fd43f8f\417e2d75-84bd-11d0-84bb-00c04fd43f8f\T*NULL*a*NULL*e
á*NULL*n*NULL*a*NULL* *NULL*Z*NULL*e*NULL*m*NULL*á*NULL*n*NULL*k*NULL*o*NULL*v*NULL*á*NULL*6*NULL*7*NULL*9*NULL*A*NULL*6*NULL*1*NULL*D*NULL*0*NULL*]
@Security="Inherited"
"Behavior"=hex:02,00,00,00,02,00,00,00,10,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,00,00,14,00,00,00,16,5b,05,ca,7d,b6,95,f5,14,ed,16,70,5a,4e,\
03,3c,c5,e7,66,58
"Item Data"=hex:02,00,00,00,18,00,00,00,fe,c2,3a,fa,dc,d5,81,e4,3b,47,cb,ce,3f,\
34,b4,32,70,8d,86,f8,19,15,f6,5f,20,00,00,00,e7,8a,7e,ba,a1,00,d3,ec,b0,9e,\
0b,43,77,69,28,69,7f,fa,54,ef,11,46,21,b1,73,8a,f0,ca,65,1d,99,13

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero\U*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*s*NULL*k*NULL*é*NULL* *NULL*p*NULL*Y
í*NULL*r*NULL*u*NULL*

k*NULL*y*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*o*NULL* *NULL*s*NULL*p*NULL*u*NULL*a
t*NULL*
n*NULL*í*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,60,01,00,00,01,00,00,00,02,00,00,00,7c,00,\
00,00,00,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,\
00,57,06,00,00,72,39,64,82,20,00,44,56,44,43,48,45,7e,31,2e,4c,4e,4b,00,00,\
32,00,03,00,04,00,ef,be,72,39,64,82,8c,39,00,b8,14,00,00,00,44,00,56,00,44,\
00,20,00,43,00,68,00,65,00,63,00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,\
0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,00,00,d8,00,00,\
00,01,00,00,00,ca,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,b8,00,36,00,\
5b,03,00,00,7e,39,ae,85,20,00,56,00,fd,00,59,01,65,00,7a,00,79,00,20,00,6f,\
00,62,00,72,00,61,00,7a,00,6f,00,82,00,03,00,04,00,ef,be,7e,39,ae,85,8c,39,\
00,b8,14,00,00,00,56,00,fd,00,59,01,65,00,7a,00,79,00,20,00,6f,00,62,00,72,\
00,61,00,7a,00,6f,00,76,00,6b,00,79,00,20,00,61,00,20,00,73,00,70,00,75,00,\
61,01,74,00,1b,01,6e,00,ed,00,20,00,61,00,70,00,6c,00,69,00,6b,00,61,00,63,\
00,65,00,20,00,4f,00,6e,00,65,00,4e,00,6f,00,74,00,65,00,20,00,32,00,30,00,\
30,00,37,00,2e,00,6c,00,6e,00,6b,00,00,00,28,00,0e,00,00,00,0a,00,ef,be,00,\
00,00,00,28,00,00,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Y
í*NULL*s*NULL*l*NULL*u*NULL*a
e*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,c0,0a,00,00,01,00,00,00,0f,00,00,00,86,00,\
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,66,00,31,\
00,00,00,00,00,72,39,dd,81,11,00,4b,4f,4d,55,4e,49,7e,31,00,00,40,00,03,00,\
04,00,ef,be,72,39,dd,81,71,39,00,b8,14,00,2a,00,4b,00,6f,00,6d,00,75,00,6e,\
00,69,00,6b,00,61,00,63,00,65,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,\
2c,2d,32,31,37,36,38,00,18,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,18,00,00,\
00,00,00,00,00,00,00,18,01,00,00,0d,00,00,00,0a,01,00,00,41,75,67,4d,02,00,\
00,00,02,00,00,00,6a,00,35,00,00,00,00,00,77,39,a8,80,10,00,53,00,79,00,73,\
00,74,00,e9,00,6d,00,6f,00,76,00,e9,00,3c,00,03,00,04,00,ef,be,77,39,a8,80,\
76,39,00,b8,14,00,00,00,53,00,79,00,73,00,74,00,e9,00,6d,00,6f,00,76,00,e9,\
00,20,00,6e,00,e1,00,73,00,74,00,72,00,6f,00,6a,00,65,00,00,00,20,00,0e,00,\
00,00,0a,00,ef,be,00,00,00,00,20,00,00,00,8c,00,35,00,00,00,00,00,72,39,69,\
82,11,00,53,00,79,00,73,00,74,00,e9,00,6d,00,6f,00,76,00,e9,00,50,00,03,00,\
04,00,ef,be,72,39,69,82,71,39,00,b8,14,00,3a,00,53,00,79,00,73,00,74,00,e9,\
00,6d,00,6f,00,76,00,e9,00,20,00,6e,00,e1,00,73,00,74,00,72,00,6f,00,6a,00,\
65,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,31,37,38,38,00,20,\
00,0e,00,00,00,00,00,ef,be,01,00,00,00,20,00,0e,00,00,00,0a,00,ef,be,01,00,\
00,00,20,00,00,00,00,00,00,00,00,00,e4,00,00,00,01,00,00,00,d6,00,00,00,41,\
75,67,4d,02,00,00,00,02,00,00,00,64,00,31,00,00,00,00,00,72,39,cf,82,11,00,\
55,53,4e,41,44,4e,7e,31,00,00,3e,00,03,00,04,00,ef,be,72,39,9a,84,76,39,00,\
b8,14,00,28,00,55,00,73,00,6e,00,61,00,64,00,6e,00,1b,01,6e,00,ed,00,00,00,\
40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,31,37,36,30,00,18,00,0e,00,00,\
00,0a,00,ef,be,00,00,00,00,18,00,00,00,5e,00,31,00,00,00,00,00,72,39,69,82,\
11,00,55,53,4e,41,44,4e,7e,31,00,00,2a,00,03,00,04,00,ef,be,72,39,69,82,71,\
39,00,b8,14,00,00,00,55,00,73,00,6e,00,61,00,64,00,6e,00,1b,01,6e,00,ed,00,\
00,00,18,00,0e,00,00,00,00,00,ef,be,01,00,00,00,18,00,0e,00,00,00,0a,00,ef,\
be,01,00,00,00,18,00,00,00,00,00,00,00,00,00,e0,00,00,00,02,00,00,00,d2,00,\
00,00,41,75,67,4d,02,00,00,00,02,00,00,00,62,00,35,00,00,00,00,00,72,39,cf,\
82,11,00,5a,00,e1,00,62,00,61,00,76,00,61,00,00,00,38,00,03,00,04,00,ef,be,\
72,39,9a,84,76,39,00,b8,14,00,22,00,5a,00,e1,00,62,00,61,00,76,00,61,00,00,\
00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,31,37,37,32,00,1c,00,0e,00,\
00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,5c,00,35,00,00,00,00,00,72,39,69,\
82,11,00,5a,00,e1,00,62,00,61,00,76,00,61,00,00,00,24,00,03,00,04,00,ef,be,\
72,39,69,82,76,39,00,b8,14,00,00,00,5a,00,e1,00,62,00,61,00,76,00,61,00,00,\
00,1c,00,0e,00,00,00,00,00,ef,be,01,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,\
01,00,00,00,1c,00,00,00,00,00,00,00,00,00,96,00,00,00,03,00,00,00,88,00,00,\
00,41,75,67,4d,02,00,00,00,01,00,00,00,76,00,36,00,a6,02,00,00,77,39,d6,80,\
20,00,41,00,64,00,72,00,65,00,73,00,e1,00,59,01,2e,00,6c,00,6e,00,6b,00,00,\
00,42,00,03,00,04,00,ef,be,72,39,a1,84,8c,39,00,b8,14,00,2c,00,41,00,64,00,\
72,00,65,00,73,00,e1,00,59,01,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,\
6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,31,37,00,26,00,0e,00,00,00,0a,00,ef,be,\
00,00,00,00,26,00,00,00,00,00,00,00,00,00,92,00,00,00,04,00,00,00,84,00,00,\
00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,7a,05,00,00,8d,39,79,55,\
20,00,4b,41,4c,4b,55,4c,7e,31,2e,4c,4e,4b,00,00,48,00,03,00,04,00,ef,be,72,\
39,69,82,8c,39,00,b8,14,00,32,00,4b,00,61,00,6c,00,6b,00,75,00,6c,00,61,00,\
0d,01,6b,00,61,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,\
64,6c,6c,2c,2d,32,32,30,31,39,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,\
1c,00,00,00,00,00,00,00,00,00,9a,00,00,00,05,00,00,00,8c,00,00,00,41,75,67,\
4d,02,00,00,00,01,00,00,00,7a,00,36,00,90,05,00,00,72,39,69,82,20,00,4d,00,\
61,00,6c,00,6f,00,76,00,e1,00,6e,00,ed,00,2e,00,6c,00,6e,00,6b,00,00,00,44,\
00,03,00,04,00,ef,be,72,39,69,82,8c,39,00,b8,14,00,2e,00,4d,00,61,00,6c,00,\
6f,00,76,00,e1,00,6e,00,ed,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,\
6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,35,34,00,28,00,0e,00,00,00,0a,00,ef,be,\
01,00,00,00,28,00,00,00,00,00,00,00,00,00,a8,00,00,00,06,00,00,00,9a,00,00,\
00,41,75,67,4d,02,00,00,00,01,00,00,00,88,00,36,00,94,05,00,00,72,39,cf,82,\
20,00,50,00,6f,00,7a,00,6e,00,e1,00,6d,00,6b,00,6f,00,76,00,fd,00,20,00,62,\
00,6c,00,52,00,03,00,04,00,ef,be,72,39,9a,84,8c,39,00,b8,14,00,3c,00,50,00,\
6f,00,7a,00,6e,00,e1,00,6d,00,6b,00,6f,00,76,00,fd,00,20,00,62,00,6c,00,6f,\
00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,\
2c,2d,32,32,30,35,31,00,28,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,28,00,00,\
00,00,00,00,00,00,00,d4,00,00,00,07,00,00,00,c6,00,00,00,41,75,67,4d,02,00,\
00,00,01,00,00,00,b4,00,36,00,97,05,00,00,77,39,da,7e,20,00,50,00,72,00,6f,\
00,68,00,6c,00,ed,00,64,00,6b,00,61,00,20,00,73,00,79,00,73,00,7e,00,03,00,\
04,00,ef,be,72,39,9a,84,8c,39,00,b8,14,00,56,00,50,00,72,00,6f,00,68,00,6c,\
00,ed,00,64,00,6b,00,61,00,20,00,73,00,79,00,73,00,74,00,e9,00,6d,00,75,00,\
20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,58,00,50,00,2e,00,6c,\
00,6e,00,6b,00,00,00,40,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,74,6f,75,72,73,74,61,72,74,2e,65,78,65,2c,2d,31,00,28,00,0e,00,00,\
00,0a,00,ef,be,00,00,00,00,28,00,00,00,00,00,00,00,00,00,ee,00,00,00,08,00,\
00,00,e0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,ce,00,36,00,82,01,00,\
00,72,39,cf,82,20,00,50,00,72,00,6f,01,76,00,6f,00,64,00,63,00,65,00,20,00,\
6f,00,76,00,1b,01,59,01,98,00,03,00,04,00,ef,be,72,39,9a,84,8c,39,00,b8,14,\
00,6e,00,50,00,72,00,6f,01,76,00,6f,00,64,00,63,00,65,00,20,00,6f,00,76,00,\
1b,01,59,01,65,00,6e,00,ed,00,6d,00,20,00,6b,00,6f,00,6d,00,70,00,61,00,74,\
00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,20,00,70,00,72,00,6f,00,67,00,\
72,00,61,00,6d,00,75,00,2e,00,6c,00,6e,00,6b,00,00,00,40,43,3a,5c,57,49,4e,\
44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,63,6f,6d,70,61,74,55,49,2e,64,6c,\
6c,2c,2d,31,31,35,00,00,28,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,28,00,00,\
00,00,00,00,00,00,00,ae,00,00,00,09,00,00,00,a0,00,00,00,41,75,67,4d,02,00,\
00,00,01,00,00,00,8e,00,36,00,74,05,00,00,72,39,a2,82,20,00,50,00,72,00,6f,\
01,7a,00,6b,00,75,00,6d,00,6e,00,ed,00,6b,00,20,00,57,00,69,00,58,00,03,00,\
04,00,ef,be,72,39,9a,84,8c,39,00,b8,14,00,42,00,50,00,72,00,6f,01,7a,00,6b,\
00,75,00,6d,00,6e,00,ed,00,6b,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,\
2d,32,32,30,36,37,00,28,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,28,00,00,00,\
00,00,00,00,00,00,a8,00,00,00,0a,00,00,00,9a,00,00,00,41,75,67,4d,02,00,00,\
00,01,00,00,00,88,00,36,00,b3,05,00,00,77,39,83,a6,20,00,50,00,59,01,ed,00,\
6b,00,61,00,7a,00,6f,00,76,00,fd,00,20,00,59,01,e1,00,64,00,52,00,03,00,04,\
00,ef,be,72,39,9a,84,8c,39,00,b8,14,00,3c,00,50,00,59,01,ed,00,6b,00,61,00,\
7a,00,6f,00,76,00,fd,00,20,00,59,01,e1,00,64,00,65,00,6b,00,2e,00,6c,00,6e,\
00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,32,32,00,\
28,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,28,00,00,00,00,00,00,00,00,00,ac,\
00,00,00,0e,00,00,00,9e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8c,00,\
36,00,d7,05,00,00,77,39,d8,84,20,00,50,00,59,01,69,00,70,00,6f,00,6a,00,65,\
00,6e,00,ed,00,20,00,6b,00,65,00,20,00,56,00,03,00,04,00,ef,be,77,39,d8,84,\
8c,39,00,b8,14,00,00,00,50,00,59,01,69,00,70,00,6f,00,6a,00,65,00,6e,00,ed,\
00,20,00,6b,00,65,00,20,00,76,00,7a,00,64,00,e1,00,6c,00,65,00,6e,00,e9,00,\
20,00,70,00,6c,00,6f,00,61,01,65,00,2e,00,6c,00,6e,00,6b,00,00,00,28,00,0e,\
00,00,00,0a,00,ef,be,01,00,00,00,28,00,00,00,00,00,00,00,00,00,9a,00,00,00,\
0b,00,00,00,8c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7a,00,32,00,94,\
05,00,00,72,39,cf,82,20,00,53,59,4e,43,48,52,7e,31,2e,4c,4e,4b,00,00,50,00,\
03,00,04,00,ef,be,72,39,9a,84,8c,39,00,b8,14,00,3a,00,53,00,79,00,6e,00,63,\
00,68,00,72,00,6f,00,6e,00,69,00,7a,00,6f,00,76,00,61,00,74,00,2e,00,6c,00,\
6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,36,32,\
00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,\
8a,00,00,00,0c,00,00,00,7c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6a,\
00,32,00,14,03,00,00,72,39,69,82,20,00,57,4f,52,44,50,41,44,2e,4c,4e,4b,00,\
42,00,03,00,04,00,ef,be,72,39,69,82,8c,39,00,b8,14,00,2c,00,57,00,6f,00,72,\
00,64,00,50,00,61,00,64,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,\
33,32,2e,64,6c,6c,2c,2d,32,32,30,36,39,00,1a,00,0e,00,00,00,0a,00,ef,be,01,\
00,00,00,1a,00,00,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Y
í*NULL*s*NULL*l*NULL*u*NULL*a
e*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*\Komunikace]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,ea,03,00,00,01,00,00,00,05,00,00,00,e4,00,\
00,00,00,00,00,00,d6,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,c4,00,36,\
00,18,06,00,00,77,39,17,85,20,00,50,00,72,00,6f,01,76,00,6f,00,64,00,63,00,\
65,00,20,00,69,00,6e,00,73,00,74,00,8e,00,03,00,04,00,ef,be,72,39,cf,82,8c,\
39,00,b8,14,00,62,00,50,00,72,00,6f,01,76,00,6f,00,64,00,63,00,65,00,20,00,\
69,00,6e,00,73,00,74,00,61,00,6c,00,61,00,63,00,ed,00,20,00,62,00,65,00,7a,\
00,64,00,72,00,e1,00,74,00,6f,00,76,00,e9,00,20,00,73,00,ed,00,74,00,1b,01,\
2e,00,6c,00,6e,00,6b,00,00,00,40,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,\
74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,2c,2d,31,36,32,30,31,\
00,00,28,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,28,00,00,00,00,00,00,00,00,\
00,98,00,00,00,01,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,\
78,00,32,00,b7,02,00,00,72,39,69,82,20,00,48,59,50,45,52,54,7e,31,2e,4c,4e,\
4b,00,00,4e,00,03,00,04,00,ef,be,72,39,69,82,8c,39,00,b8,14,00,38,00,48,00,\
79,00,70,00,65,00,72,00,54,00,65,00,72,00,6d,00,69,00,6e,00,61,00,6c,00,2e,\
00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,\
30,33,31,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,\
00,00,00,cc,00,00,00,02,00,00,00,be,00,00,00,41,75,67,4d,02,00,00,00,01,00,\
00,00,ac,00,36,00,0d,06,00,00,72,39,a0,82,20,00,50,00,72,00,6f,01,76,00,6f,\
00,64,00,63,00,65,00,20,00,69,00,6e,00,73,00,74,00,76,00,03,00,04,00,ef,be,\
72,39,a0,82,8c,39,00,b8,14,00,4c,00,50,00,72,00,6f,01,76,00,6f,00,64,00,63,\
00,65,00,20,00,69,00,6e,00,73,00,74,00,61,00,6c,00,61,00,63,00,ed,00,20,00,\
73,00,ed,00,74,00,1b,01,2e,00,6c,00,6e,00,6b,00,00,00,40,43,3a,5c,57,49,4e,\
44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,68,6e,65,74,77,69,7a,2e,64,6c,6c,\
2c,2d,33,30,38,35,00,00,28,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,28,00,00,\
00,00,00,00,00,00,00,d8,00,00,00,03,00,00,00,ca,00,00,00,41,75,67,4d,02,00,\
00,00,01,00,00,00,b8,00,36,00,13,06,00,00,72,39,dd,81,20,00,50,00,72,00,6f,\
01,76,00,6f,00,64,00,63,00,65,00,20,00,76,00,79,00,74,00,76,00,82,00,03,00,\
04,00,ef,be,72,39,dd,81,8c,39,00,b8,14,00,58,00,50,00,72,00,6f,01,76,00,6f,\
00,64,00,63,00,65,00,20,00,76,00,79,00,74,00,76,00,6f,00,59,01,65,00,6e,00,\
ed,00,6d,00,20,00,70,00,59,01,69,00,70,00,6f,00,6a,00,65,00,6e,00,ed,00,2e,\
00,6c,00,6e,00,6b,00,00,00,40,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,\
65,6d,33,32,5c,6e,65,74,73,68,65,6c,6c,2e,64,6c,6c,2c,2d,31,30,31,30,00,28,\
00,0e,00,00,00,0a,00,ef,be,00,00,00,00,28,00,00,00,00,00,00,00,00,00,be,00,\
00,00,04,00,00,00,b0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,9e,00,36,\
00,82,06,00,00,72,39,dd,81,20,00,53,00,ed,00,65,01,6f,00,76,00,e1,00,20,00,\
70,00,59,01,69,00,70,00,6f,00,6a,00,68,00,03,00,04,00,ef,be,72,39,dd,81,8c,\
39,00,b8,14,00,3e,00,53,00,ed,00,65,01,6f,00,76,00,e1,00,20,00,70,00,59,01,\
69,00,70,00,6f,00,6a,00,65,00,6e,00,ed,00,2e,00,6c,00,6e,00,6b,00,00,00,40,\
43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6e,65,74,73,68,\
65,6c,6c,2e,64,6c,6c,2c,2d,31,32,30,30,00,28,00,0e,00,00,00,0a,00,ef,be,00,\
00,00,00,28,00,00,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Y
í*NULL*s*NULL*l*NULL*u*NULL*a
e*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*\Systémové nástroje]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,f8,06,00,00,01,00,00,00,0a,00,00,00,c6,00,\
00,00,00,00,00,00,b8,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,a6,00,32,\
00,e4,05,00,00,72,39,cf,82,20,00,41,4b,54,49,56,41,7e,31,2e,4c,4e,4b,00,00,\
7c,00,03,00,04,00,ef,be,72,39,cf,82,8c,39,00,b8,14,00,4e,00,41,00,6b,00,74,\
00,69,00,76,00,61,00,63,00,65,00,20,00,73,00,79,00,73,00,74,00,e9,00,6d,00,\
75,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,2e,00,6c,00,6e,00,6b,\
00,00,00,40,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6f,\
6f,62,65,5c,6d,73,6f,6f,62,65,2e,65,78,65,2c,2d,32,30,30,30,00,00,1c,00,0e,\
00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,00,00,a4,00,00,00,\
01,00,00,00,96,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,84,00,32,00,c9,\
05,00,00,72,39,a1,82,20,00,44,45,46,52,41,47,7e,31,2e,4c,4e,4b,00,00,5a,00,\
03,00,04,00,ef,be,72,39,a1,82,8c,39,00,b8,14,00,44,00,44,00,65,00,66,00,72,\
00,61,00,67,00,6d,00,65,00,6e,00,74,00,61,00,63,00,65,00,20,00,64,00,69,00,\
73,00,6b,00,75,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,\
64,6c,6c,2c,2d,32,32,30,32,37,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,\
1c,00,00,00,00,00,00,00,00,00,a8,00,00,00,09,00,00,00,9a,00,00,00,41,75,67,\
4d,02,00,00,00,01,00,00,00,88,00,32,00,e1,02,00,00,77,39,a8,80,20,00,49,4e,\
54,45,52,4e,7e,32,2e,4c,4e,4b,00,00,5e,00,03,00,04,00,ef,be,77,39,a8,80,8c,\
39,00,b8,14,00,00,00,49,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,20,00,\
45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,20,00,28,00,62,00,65,00,7a,\
00,20,00,64,00,6f,00,70,00,6c,00,48,01,6b,00,6f,01,29,00,2e,00,6c,00,6e,00,\
6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,\
00,00,00,92,00,00,00,02,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,\
00,00,72,00,32,00,96,05,00,00,72,39,69,82,20,00,4d,41,50,41,5a,4e,7e,31,2e,\
4c,4e,4b,00,00,48,00,03,00,04,00,ef,be,72,39,69,82,8c,39,00,b8,14,00,32,00,\
4d,00,61,00,70,00,61,00,20,00,7a,00,6e,00,61,00,6b,00,6f,01,2e,00,6c,00,6e,\
00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,32,31,00,\
1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,00,00,ac,\
00,00,00,03,00,00,00,9e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8c,00,\
36,00,7e,06,00,00,72,39,a2,82,20,00,4e,00,61,00,70,00,6c,00,e1,00,6e,00,6f,\
00,76,00,61,00,6e,00,e9,00,20,00,fa,00,56,00,03,00,04,00,ef,be,72,39,a2,82,\
8c,39,00,b8,14,00,40,00,4e,00,61,00,70,00,6c,00,e1,00,6e,00,6f,00,76,00,61,\
00,6e,00,e9,00,20,00,fa,00,6c,00,6f,00,68,00,79,00,2e,00,6c,00,6e,00,6b,00,\
00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,35,38,00,28,00,0e,\
00,00,00,0a,00,ef,be,01,00,00,00,28,00,00,00,00,00,00,00,00,00,b8,00,00,00,\
04,00,00,00,aa,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,98,00,32,00,f0,\
05,00,00,8d,39,37,55,20,00,4f,42,4e,4f,56,45,7e,31,2e,4c,4e,4b,00,00,6e,00,\
03,00,04,00,ef,be,72,39,a2,82,8c,39,00,b8,14,00,3e,00,4f,00,62,00,6e,00,6f,\
00,76,00,65,00,6e,00,ed,00,20,00,73,00,79,00,73,00,74,00,e9,00,6d,00,75,00,\
2e,00,6c,00,6e,00,6b,00,00,00,40,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,\
74,65,6d,33,32,5c,72,65,73,74,6f,72,65,5c,72,73,74,72,75,69,2e,65,78,65,2c,\
2d,32,30,34,38,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,\
00,00,00,00,00,ee,00,00,00,05,00,00,00,e0,00,00,00,41,75,67,4d,02,00,00,00,\
01,00,00,00,ce,00,36,00,d7,05,00,00,77,39,06,84,20,00,50,00,72,00,6f,01,76,\
00,6f,00,64,00,63,00,65,00,20,00,70,00,59,01,65,00,6e,00,98,00,03,00,04,00,\
ef,be,72,39,cf,82,8c,39,00,b8,14,00,6c,00,50,00,72,00,6f,01,76,00,6f,00,64,\
00,63,00,65,00,20,00,70,00,59,01,65,00,6e,00,65,00,73,00,65,00,6e,00,ed,00,\
6d,00,20,00,73,00,6f,00,75,00,62,00,6f,00,72,00,6f,01,20,00,61,00,20,00,6e,\
00,61,00,73,00,74,00,61,00,76,00,65,00,6e,00,ed,00,2e,00,6c,00,6e,00,6b,00,\
00,00,40,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,75,73,\
6d,74,5c,6d,69,67,77,69,7a,2e,65,78,65,2c,2d,32,30,32,00,28,00,0e,00,00,00,\
0a,00,ef,be,01,00,00,00,28,00,00,00,00,00,00,00,00,00,b0,00,00,00,06,00,00,\
00,a2,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,90,00,36,00,d3,03,00,00,\
72,39,a1,82,20,00,53,00,79,00,73,00,74,00,e9,00,6d,00,6f,00,76,00,e9,00,20,\
00,69,00,6e,00,66,00,5a,00,03,00,04,00,ef,be,72,39,a1,82,8c,39,00,b8,14,00,\
44,00,53,00,79,00,73,00,74,00,e9,00,6d,00,6f,00,76,00,e9,00,20,00,69,00,6e,\
00,66,00,6f,00,72,00,6d,00,61,00,63,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,\
40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,36,33,00,28,00,0e,00,00,\
00,0a,00,ef,be,01,00,00,00,28,00,00,00,00,00,00,00,00,00,a8,00,00,00,07,00,\
00,00,9a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,88,00,36,00,9c,05,00,\
00,77,39,8d,88,20,00,56,00,79,00,0d,01,69,00,61,01,74,00,1b,01,6e,00,ed,00,\
20,00,64,00,69,00,73,00,52,00,03,00,04,00,ef,be,72,39,a2,82,8c,39,00,b8,14,\
00,3c,00,56,00,79,00,0d,01,69,00,61,01,74,00,1b,01,6e,00,ed,00,20,00,64,00,\
69,00,73,00,6b,00,75,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,\
32,2e,64,6c,6c,2c,2d,32,32,30,32,36,00,28,00,0e,00,00,00,0a,00,ef,be,01,00,\
00,00,28,00,00,00,00,00,00,00,00,00,9e,00,00,00,08,00,00,00,90,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,7e,00,36,00,a1,05,00,00,72,39,cf,82,20,00,\
5a,00,e1,00,6c,00,6f,00,68,00,6f,00,76,00,e1,00,6e,00,ed,00,2e,00,6c,00,6e,\
00,48,00,03,00,04,00,ef,be,72,39,cf,82,8c,39,00,b8,14,00,32,00,5a,00,e1,00,\
6c,00,6f,00,68,00,6f,00,76,00,e1,00,6e,00,ed,00,2e,00,6c,00,6e,00,6b,00,00,\
00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,31,38,00,28,00,0e,00,\
00,00,0a,00,ef,be,01,00,00,00,28,00,00,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Y
í*NULL*s*NULL*l*NULL*u*NULL*a
e*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*\U*NULL*s*NULL*n*NULL*a*NULL*d*NULL*n*NULL*
n*NULL*í*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,b0,02,00,00,01,00,00,00,04,00,00,00,b8,00,\
00,00,00,00,00,00,aa,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,98,00,36,\
00,82,05,00,00,72,39,cf,82,20,00,4b,00,6c,00,e1,00,76,00,65,00,73,00,6e,00,\
69,00,63,00,65,00,20,00,6e,00,61,00,62,00,03,00,04,00,ef,be,72,39,9a,84,8c,\
39,00,b8,14,00,4c,00,4b,00,6c,00,e1,00,76,00,65,00,73,00,6e,00,69,00,63,00,\
65,00,20,00,6e,00,61,00,20,00,6f,00,62,00,72,00,61,00,7a,00,6f,00,76,00,63,\
00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,\
2c,2d,32,32,30,35,32,00,28,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,28,00,00,\
00,00,00,00,00,00,00,82,00,00,00,01,00,00,00,74,00,00,00,41,75,67,4d,02,00,\
00,00,01,00,00,00,62,00,32,00,9a,05,00,00,72,39,cf,82,20,00,4c,55,50,41,2e,\
4c,4e,4b,00,00,3c,00,03,00,04,00,ef,be,72,39,9a,84,8c,39,00,b8,14,00,26,00,\
4c,00,75,00,70,00,61,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,\
32,2e,64,6c,6c,2c,2d,32,32,30,34,31,00,18,00,0e,00,00,00,0a,00,ef,be,00,00,\
00,00,18,00,00,00,00,00,00,00,00,00,c0,00,00,00,02,00,00,00,b2,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,a0,00,36,00,95,05,00,00,72,39,69,82,20,00,\
50,00,72,00,6f,01,76,00,6f,00,64,00,63,00,65,00,20,00,66,00,75,00,6e,00,6b,\
00,6a,00,03,00,04,00,ef,be,72,39,69,82,8c,39,00,b8,14,00,54,00,50,00,72,00,\
6f,01,76,00,6f,00,64,00,63,00,65,00,20,00,66,00,75,00,6e,00,6b,00,63,00,65,\
00,6d,00,69,00,20,00,75,00,73,00,6e,00,61,00,64,00,6e,00,1b,01,6e,00,ed,00,\
2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,\
32,30,31,36,00,28,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,28,00,00,00,00,00,\
00,00,00,00,aa,00,00,00,03,00,00,00,9c,00,00,00,41,75,67,4d,02,00,00,00,01,\
00,00,00,8a,00,36,00,a8,05,00,00,72,39,cf,82,20,00,53,00,70,00,72,00,e1,00,\
76,00,63,00,65,00,20,00,6e,00,e1,00,73,00,74,00,72,00,54,00,03,00,04,00,ef,\
be,72,39,9a,84,8c,39,00,b8,14,00,3e,00,53,00,70,00,72,00,e1,00,76,00,63,00,\
65,00,20,00,6e,00,e1,00,73,00,74,00,72,00,6f,00,6a,00,6f,01,2e,00,6c,00,6e,\
00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,36,35,00,\
28,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,28,00,00,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Y
í*NULL*s*NULL*l*NULL*u*NULL*a
e*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*\Zábava]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,f0,01,00,00,01,00,00,00,03,00,00,00,b0,00,\
00,00,00,00,00,00,a2,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,90,00,36,\
00,9d,05,00,00,72,39,69,82,20,00,4f,00,76,00,6c,00,e1,00,64,00,e1,00,6e,00,\
ed,00,20,00,68,00,6c,00,61,00,73,00,5a,00,03,00,04,00,ef,be,72,39,69,82,7d,\
39,00,b8,14,00,44,00,4f,00,76,00,6c,00,e1,00,64,00,e1,00,6e,00,ed,00,20,00,\
68,00,6c,00,61,00,73,00,69,00,74,00,6f,00,73,00,74,00,69,00,2e,00,6c,00,6e,\
00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,36,36,00,\
28,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,28,00,00,00,00,00,00,00,00,00,92,\
00,00,00,01,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,\
32,00,c4,02,00,00,77,39,d8,80,20,00,57,49,4e,44,4f,57,7e,31,2e,4c,4e,4b,00,\
00,48,00,03,00,04,00,ef,be,72,39,9a,84,7d,39,00,b8,14,00,00,00,57,00,69,00,\
6e,00,64,00,6f,00,77,00,73,00,20,00,4d,00,65,00,64,00,69,00,61,00,20,00,50,\
00,6c,00,61,00,79,00,65,00,72,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,\
00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,a2,00,00,00,02,\
00,00,00,94,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,82,00,36,00,9d,05,\
00,00,72,39,69,82,20,00,5a,00,e1,00,7a,00,6e,00,61,00,6d,00,20,00,7a,00,76,\
00,75,00,6b,00,75,00,2e,00,4c,00,03,00,04,00,ef,be,72,39,69,82,7d,39,00,b8,\
14,00,36,00,5a,00,e1,00,7a,00,6e,00,61,00,6d,00,20,00,7a,00,76,00,75,00,6b,\
00,75,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,\
2c,2d,32,32,30,36,31,00,28,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,28,00,00,\
00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*r*NULL*o*NULL*h*NULL*l*NULL*í*NULL*~
e*NULL*

*NULL*u*NULL*d*NULL*á*NULL*l*NULL*o*NULL*s*NULL*t*NULL*í*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o
]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~
i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o
*NULL*p*NULL*r*NULL*o*NULL* *NULL*d*NULL*o*NULL*m*NULL*é*NULL*n*NULL*y*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*

á*NULL*s*NULL*t*NULL*i*NULL*]
@Owner=Administrators
@="Kolekce součástí modelů ladění BDA (podproudy všesměrového vysílání)"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*

á*NULL*s*NULL*t*NULL*i*NULL*\CLSID]
@Security="Inherited"
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*

á*NULL*s*NULL*t*NULL*i*NULL*\CurVer]
@Security="Inherited"
@="BDATuner.Součásti.1"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*

á*NULL*s*NULL*t*NULL*i*NULL*.*NULL*1*NULL*]
@Owner=Administrators
@="Kolekce součástí modelů ladění BDA (podproudy všesměrového vysílání)"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*

á*NULL*s*NULL*t*NULL*i*NULL*.*NULL*1*NULL*\CLSID]
@Security="Inherited"
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog\System\V*NULL*y*NULL*m*NULL*
n*NULL*i*NULL*t*NULL*e*NULL*l*NULL*n*NULL*é*NULL* *NULL*ú*NULL*l*NULL*o*NULL*~
i*NULL*a
t*NULL*
]
@Security="Inherited"
"EventMessageFile"=expand:"%SystemRoot%\\System32\\NTMSEVT.DLL"
"TypesSupported"=dword:00000007
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Real\RealPlayer\RealPlay.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-01-01 11:47:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-01-01 10:47:40

Před spuštěním: Volných bajtů: 68,884,692,992
Po spuštění: Volných bajtů: 69,679,775,744

675 --- E O F --- 2008-12-13 11:22:32

[AlbiDC.]

myslím, že bude chyba někde tady, ale nejsem si jistý kde přesně

50,00,72,00,6f,01,76,00,6f,00,64,00,63,00,65,00,20,00,66,00,75,00,6e,00,6b,\
00,6a,00,03,00,04,00,ef,be,72,39,69,82,8c,39,00,b8,14,00,54,00,50,00,72,00,\
6f,01,76,00,6f,00,64,00,63,00,65,00,20,00,66,00,75,00,6e,00,6b,00,63,00,65,\
00,6d,00,69,00,20,00,75,00,73,00,6e,00,61,00,64,00,6e,00,1b,01,6e,00,ed,00,\
2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,\

sorry jestli to nebylo vtipné...

[tanuli]

Promiń ale jsem naprostý amatér a jsem ráda, že se můžu poradit tady a nemusím běhat někde po městě a hledat někoho, kdo mi pomůže. Stačí mi dobrá rada a už se z toho nějak vymotám. Díky

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\iun6002.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\DUMP3e31.tmp
Vlož sem výsledek.
ComboFix smazal skoro vše, jak se chová comp?

[tanuli]

ComboFix 08-12-31.01 - Administrator 2009-01-01 11:50:09.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.478.187 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\TermVir.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-01 do 2009-01-01 )))))))))))))))))))))))))))))))
.

2009-01-01 11:57 . 2009-01-01 11:57 <DIR> d-------- c:\program files\ESET
2009-01-01 11:57 . 2009-01-01 11:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-01 11:44 . 2009-01-01 11:44 <DIR> d--hs---- C:\FOUND.001
2008-12-13 12:32 . 2008-12-13 12:32 49 --a------ c:\windows\NeroDigital.ini
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:27 . 2008-12-13 12:27 <DIR> d-------- c:\program files\Ahead
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\program files\Software602
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\program files\Common Files\soft602
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-06-23 10:56 3,756,032 --a------ c:\windows\system32\cdintf300.dll
2008-12-13 12:10 . 2007-07-30 14:36 1,843,200 --a------ c:\windows\system32\acXMLParser.dll
2008-12-13 12:10 . 2006-11-04 15:14 1,245,696 --a------ c:\windows\system32\msxml4.dll
2008-12-13 12:10 . 2003-04-18 16:29 82,432 --a------ c:\windows\system32\msxml4r.dll
2008-12-13 12:10 . 2003-04-18 16:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2008-12-13 12:10 . 2003-05-12 12:04 402 --a------ c:\windows\system32\msxml4.inf
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:56 . 2008-12-13 11:56 <DIR> d-------- c:\program files\Free Download Manager
2008-12-13 11:56 . 2008-12-13 11:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FreeDownloadManager.ORG
2008-12-13 11:49 . 2008-12-13 11:49 <DIR> d-------- C:\hijackthis
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\program files\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:44 . 2008-12-13 11:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\avg8
2008-12-13 11:42 . 2008-12-13 11:42 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 10:41 90,112 ----a-w c:\windows\DUMP3e31.tmp
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-30 16:28 --------- d-----w c:\program files\EA SPORTS
2008-11-23 21:11 --------- d-----w c:\program files\ICQ6Toolbar
2008-11-23 21:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\program files\ICQ6.5
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 20:50 --------- d-----w c:\program files\Java
2008-11-23 20:50 --------- d-----w c:\program files\Common Files\Java
2008-11-23 20:45 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:35 --------- d-----w c:\program files\Zoner
2008-11-23 16:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-23 16:11 --------- d-----w c:\program files\Google
2008-11-23 16:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-23 16:08 --------- d-----w c:\program files\NOS
2008-11-23 16:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\NOS
2008-11-19 11:41 --------- d-----w c:\program files\Codec Pack - All In 1
2008-11-19 11:36 --------- d-----w c:\program files\totalcmd
2008-11-19 10:25 --------- d-----w c:\program files\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:21 --------- d-----w c:\program files\Real
2008-11-19 10:21 --------- d-----w c:\program files\Common Files\xing shared
2008-11-19 10:21 --------- d-----w c:\program files\Common Files\Real
2008-11-19 10:19 --------- d-----w c:\program files\Mv2Player
2008-11-19 10:15 --------- d-----w c:\program files\7-Zip
2008-11-19 10:13 --------- d-----w c:\program files\Microsoft Works
2008-11-19 10:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-19 10:12 --------- d-----w c:\program files\Alwil Software
2008-11-18 16:22 --------- d-----w c:\program files\microsoft frontpage
2008-11-18 16:21 --------- d-----w c:\program files\Broadcom
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 16:19 --------- d-----w c:\program files\SP31763
2008-11-18 16:19 --------- d-----w c:\program files\InterVideo
2008-11-18 16:19 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-07 15:45 2,174,976 ----a-w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-01_11.46.40.94 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-01 10:58:16 10,134 ----a-r c:\windows\Installer\{7514727A-3ECA-40A1-A73E-9CF9D8463CB3}\callmsi.exe
+ 2009-01-01 10:58:16 136,448 ----a-r c:\windows\Installer\{7514727A-3ECA-40A1-A73E-9CF9D8463CB3}\egui.exe
+ 2008-07-01 07:56:22 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-07-01 07:57:14 53,256 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-07-01 08:04:40 34,312 ----a-w c:\windows\system32\drivers\epfwtdir.sys
+ 2009-01-01 10:47:02 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_120.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-23 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-11-18 184320]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-23 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2007-08-02 69120]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 11:51:25
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Logfile of HijackThis v1.99.1
Scan saved at 11:54:52, on 1.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
E:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

Soubor DUMP3e31.tmp přijatý 2009.01.01 22:06:06 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/38 (0%)

Počítač je o 100 % lepší, ale nefunguje mi internet.