Virus - catastrophe

Posted: 01 Jan 2009 17:53
by tanuli
Hello,
I have probably got a crazy virus on my computer that I don't know how to deal with. First of all, it turned off my antivirus and disconnected me from the network; it won't let me restore the system, install any antivirus, or create a log. I am truly helpless and don't know what to do. Please help. Thank you. Tanuli

Re: Virus - catastrophe

Posted: 01 Jan 2009 18:08
by TheSkeleton
that's a real devil, so basically there's nothing you can do.... the simplest thing would be to reinstall the OS, but wait for posts from more experienced people :lol:

Re: Virus - catastrophe

Posted: 01 Jan 2009 18:32
by Argoneus
try making a HijackThis log in safe mode.

Re: Virus - catastrophe

Posted: 01 Jan 2009 18:47
by tanuli
Argoneus wrote: try making a HijackThis log in safe mode.

Unfortunately it won't even let me into safe mode. It throws an error that I don't even have time to read, and then it restarts again. :-(

Re: Virus - catastrophe

Posted: 01 Jan 2009 19:02
by AlbiDC.
I'd go for moving the hard disk to another computer, backing up the important data and running an antivirus over it. If the antivirus didn't help, then format, reinstall and then buy some quality antivirus, for example NOD32, and install the resident Spybot Search and Destroy .. link here: http://www.safer-networking.org/en/home/index.html

it also occurred to me to try booting from the Windows installation CD-ROM and choosing system repair (you press R somewhere in there), but it's possible that it will make a mess; I would try that before the reinstall.. when there's nothing to lose

Re: Virus - catastrophe

Posted: 01 Jan 2009 20:51
by tanuli
I suspect one file. During a disk check I got a message that the file srosa.sys may be causing the problem.
Do you have any ideas? Thank you.

Re: Virus - catastrophe

Posted: 01 Jan 2009 20:55
by jaro3
you can find it and delete it.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- after the program finishes, a message will appear, so click OK and then the Show Results button
- then choose the Save Logfile option and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Re: Virus - catastrophe

Posted: 01 Jan 2009 21:15
by tanuli
I tried ComboFix and this is what came up:

ComboFix 08-12-31.01 - Administrator 2009-01-01 11:46:33.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.478.248 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\TermVir.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Data aplikací\drivers\downld
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27805612.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27807384.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27807414.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27812832.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27867531.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27868582.exe
c:\documents and settings\Administrator\Data aplikací\drivers\downld\27868883.exe
c:\documents and settings\Administrator\Data aplikací\drivers\srosa.sys
c:\documents and settings\Administrator\Data aplikací\drivers\srosa2.sys
c:\documents and settings\Administrator\Data aplikací\drivers\winupgro.exe
c:\program files\Messenger\msmsgs.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Soubory vytvořené od 2008-12-01 do 2009-01-01 )))))))))))))))))))))))))))))))
.

2008-12-13 12:32 . 2008-12-13 12:32 49 --a------ c:\windows\NeroDigital.ini
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:27 . 2008-12-13 12:27 <DIR> d-------- c:\program files\Ahead
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\program files\Software602
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\program files\Common Files\soft602
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-06-23 10:56 3,756,032 --a------ c:\windows\system32\cdintf300.dll
2008-12-13 12:10 . 2007-07-30 14:36 1,843,200 --a------ c:\windows\system32\acXMLParser.dll
2008-12-13 12:10 . 2006-11-04 15:14 1,245,696 --a------ c:\windows\system32\msxml4.dll
2008-12-13 12:10 . 2003-04-18 16:29 82,432 --a------ c:\windows\system32\msxml4r.dll
2008-12-13 12:10 . 2003-04-18 16:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2008-12-13 12:10 . 2003-05-12 12:04 402 --a------ c:\windows\system32\msxml4.inf
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:56 . 2008-12-13 11:56 <DIR> d-------- c:\program files\Free Download Manager
2008-12-13 11:56 . 2008-12-13 11:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FreeDownloadManager.ORG
2008-12-13 11:49 . 2008-12-13 11:49 <DIR> d-------- C:\hijackthis
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\program files\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:44 . 2008-12-13 11:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\avg8
2008-12-13 11:42 . 2008-12-13 11:42 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 10:41 90,112 ----a-w c:\windows\DUMP3e31.tmp
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-30 16:28 --------- d-----w c:\program files\EA SPORTS
2008-11-23 21:11 --------- d-----w c:\program files\ICQ6Toolbar
2008-11-23 21:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\program files\ICQ6.5
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 20:50 --------- d-----w c:\program files\Java
2008-11-23 20:50 --------- d-----w c:\program files\Common Files\Java
2008-11-23 20:45 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:35 --------- d-----w c:\program files\Zoner
2008-11-23 16:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-23 16:11 --------- d-----w c:\program files\Google
2008-11-23 16:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-23 16:08 --------- d-----w c:\program files\NOS
2008-11-23 16:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\NOS
2008-11-19 11:41 --------- d-----w c:\program files\Codec Pack - All In 1
2008-11-19 11:40 737,280 ----a-w c:\windows\iun6002.exe
2008-11-19 11:36 --------- d-----w c:\program files\totalcmd
2008-11-19 10:25 --------- d-----w c:\program files\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:21 --------- d-----w c:\program files\Real
2008-11-19 10:21 --------- d-----w c:\program files\Common Files\xing shared
2008-11-19 10:21 --------- d-----w c:\program files\Common Files\Real
2008-11-19 10:19 --------- d-----w c:\program files\Mv2Player
2008-11-19 10:15 --------- d-----w c:\program files\7-Zip
2008-11-19 10:13 --------- d-----w c:\program files\Microsoft Works
2008-11-19 10:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-19 10:12 --------- d-----w c:\program files\Alwil Software
2008-11-18 16:22 --------- d-----w c:\program files\microsoft frontpage
2008-11-18 16:21 --------- d-----w c:\program files\Broadcom
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 16:19 --------- d-----w c:\program files\SP31763
2008-11-18 16:19 --------- d-----w c:\program files\InterVideo
2008-11-18 16:19 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-07 15:45 2,174,976 ----a-w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-23 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-11-18 184320]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-23 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2007-08-02 69120]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 11:45:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*r*NULL*o*NULL*h*NULL*l*NULL*í*NULL*~e*NULL*
 *NULL*u*NULL*d*NULL*á*NULL*l*NULL*o*NULL*s*NULL*t*NULL*í*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o *NULL*p*NULL*r*NULL*o*NULL* *NULL*d*NULL*o*NULL*m*NULL*é*NULL*n*NULL*y*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*r*NULL*o*NULL*h*NULL*l*NULL*í*NULL*~e*NULL*
 *NULL*u*NULL*d*NULL*á*NULL*l*NULL*o*NULL*s*NULL*t*NULL*í*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o *NULL*p*NULL*r*NULL*o*NULL* *NULL*d*NULL*o*NULL*m*NULL*é*NULL*n*NULL*y*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*r*NULL*o*NULL*h*NULL*l*NULL*í*NULL*~e*NULL*
 *NULL*u*NULL*d*NULL*á*NULL*l*NULL*o*NULL*s*NULL*t*NULL*í*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o *NULL*p*NULL*r*NULL*o*NULL* *NULL*d*NULL*o*NULL*m*NULL*é*NULL*n*NULL*y*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\O*NULL*d*NULL*c*NULL*h*NULL*o*NULL*d*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL* *NULL*s*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*e*NULL*\.Current]
@Security="Inherited"
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*p*NULL*o*NULL*~a*NULL*d*NULL*a*NULL*v*NULL*k*NULL*u*NULL* *NULL*n*NULL*a*NULL* *NULL*p*NULL*Yi*NULL*d*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\P*NULL*Yí*NULL*j*NULL*e*NULL*m*NULL* *NULL*v*NULL*o*NULL*l*NULL*á*NULL*n*NULL*í*NULL*\.Current]
@Security="Inherited"
@="c:\\WINDOWS\\Media\\RingIn.wav"

[HKEY_USERS\Administrator\Software\Microsoft\Internet Explorer\MenuExt\S*NULL*t*NULL*á*NULL*h*NULL*n*NULL*o*NULL*u*NULL*t*NULL* *NULL*v*NULL*ae*NULL* *NULL*F*NULL*r*NULL*e*NULL*e*NULL* *NULL*D*NULL*o*NULL*w*NULL*n*NULL*l*NULL*o*NULL*a*NULL*d*NULL* *NULL*M*NULL*a*NULL*n*NULL*a*NULL*g*NULL*e*NULL*r*NULL*e*NULL*m*NULL*]
@Security="Inherited"
@="file://c:\\Program Files\\Free Download Manager\\dlall.htm"
"Contexts"=dword:00000033
"Free Download Manager"=dword:00000001

[HKEY_USERS\Administrator\Software\Microsoft\PCHealth\Global\WindowPlacement\1*NULL*0*NULL*2*NULL*4*NULL*_*NULL*7*NULL*6*NULL*8*NULL*_*NULL*C*NULL*e*NULL*n*NULL*t*NULL*r*NULL*u*NULL*m*NULL* *NULL*p*NULL*r*NULL*o*NULL* *NULL*n*NULL*á*NULL*p*NULL*o*NULL*v*NULL*d*NULL*u*NULL* *NULL*a*NULL* *NULL*o*NULL*d*NULL*b*NULL*o*NULL*r*NULL*n*NULL*o*NULL*u*NULL* *NULL*p*NULL*o*NULL*m*NULL*o*NULL*c*NULL*]
@Security="Inherited"
"Maximized"=dword:00000000
"Rect"=hex:16,00,00,00,2c,00,00,00,16,03,00,00,b6,02,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1085031214-1993962763-1957994488-500\Data\220d5cc1-853a-11d0-84bc-00c04fd43f8f\417e2d75-84bd-11d0-84bb-00c04fd43f8f\T*NULL*a*NULL*eá*NULL*n*NULL*a*NULL* *NULL*Z*NULL*e*NULL*m*NULL*á*NULL*n*NULL*k*NULL*o*NULL*v*NULL*á*NULL*6*NULL*7*NULL*9*NULL*A*NULL*6*NULL*1*NULL*D*NULL*0*NULL*]
@Security="Inherited"
"Behavior"=hex:02,00,00,00,02,00,00,00,10,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,00,00,14,00,00,00,16,5b,05,ca,7d,b6,95,f5,14,ed,16,70,5a,4e,\
03,3c,c5,e7,66,58
"Item Data"=hex:02,00,00,00,18,00,00,00,fe,c2,3a,fa,dc,d5,81,e4,3b,47,cb,ce,3f,\
34,b4,32,70,8d,86,f8,19,15,f6,5f,20,00,00,00,e7,8a,7e,ba,a1,00,d3,ec,b0,9e,\
0b,43,77,69,28,69,7f,fa,54,ef,11,46,21,b1,73,8a,f0,ca,65,1d,99,13

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero\U*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*s*NULL*k*NULL*é*NULL* *NULL*p*NULL*Yí*NULL*r*NULL*u*NULL*
k*NULL*y*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*o*NULL* *NULL*s*NULL*p*NULL*u*NULL*at*NULL*n*NULL*í*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,60,01,00,00,01,00,00,00,02,00,00,00,7c,00,\
00,00,00,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,\
00,57,06,00,00,72,39,64,82,20,00,44,56,44,43,48,45,7e,31,2e,4c,4e,4b,00,00,\
32,00,03,00,04,00,ef,be,72,39,64,82,8c,39,00,b8,14,00,00,00,44,00,56,00,44,\
00,20,00,43,00,68,00,65,00,63,00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,\
0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,00,00,d8,00,00,\
00,01,00,00,00,ca,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,b8,00,36,00,\
5b,03,00,00,7e,39,ae,85,20,00,56,00,fd,00,59,01,65,00,7a,00,79,00,20,00,6f,\
00,62,00,72,00,61,00,7a,00,6f,00,82,00,03,00,04,00,ef,be,7e,39,ae,85,8c,39,\
00,b8,14,00,00,00,56,00,fd,00,59,01,65,00,7a,00,79,00,20,00,6f,00,62,00,72,\
00,61,00,7a,00,6f,00,76,00,6b,00,79,00,20,00,61,00,20,00,73,00,70,00,75,00,\
61,01,74,00,1b,01,6e,00,ed,00,20,00,61,00,70,00,6c,00,69,00,6b,00,61,00,63,\
00,65,00,20,00,4f,00,6e,00,65,00,4e,00,6f,00,74,00,65,00,20,00,32,00,30,00,\
30,00,37,00,2e,00,6c,00,6e,00,6b,00,00,00,28,00,0e,00,00,00,0a,00,ef,be,00,\
00,00,00,28,00,00,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Yí*NULL*s*NULL*l*NULL*u*NULL*ae*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Yí*NULL*s*NULL*l*NULL*u*NULL*ae*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*\Komunikace]
@Security="Inherited"

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Yí*NULL*s*NULL*l*NULL*u*NULL*ae*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*\Systémové nástroje]
@Security="Inherited"

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Yí*NULL*s*NULL*l*NULL*u*NULL*ae*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*\U*NULL*s*NULL*n*NULL*a*NULL*d*NULL*n*NULL*n*NULL*í*NULL*]
@Security="Inherited"

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\P*NULL*Yí*NULL*s*NULL*l*NULL*u*NULL*ae*NULL*n*NULL*s*NULL*t*NULL*v*NULL*í*NULL*\Zábava]
@Security="Inherited"

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*r*NULL*o*NULL*h*NULL*l*NULL*í*NULL*~e*NULL*
 *NULL*u*NULL*d*NULL*á*NULL*l*NULL*o*NULL*s*NULL*t*NULL*í*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\S*NULL*p*NULL*r*NULL*á*NULL*v*NULL*c*NULL*e*NULL* *NULL*u*NULL*~i*NULL*v*NULL*a*NULL*t*NULL*e*NULL*l*NULL*o *NULL*p*NULL*r*NULL*o*NULL* *NULL*d*NULL*o*NULL*m*NULL*é*NULL*n*NULL*y*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*
á*NULL*s*NULL*t*NULL*i*NULL*]
@Owner=Administrators
@="Kolekce součástí modelů ladění BDA (podproudy všesměrového vysílání)"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*
á*NULL*s*NULL*t*NULL*i*NULL*\CLSID]
@Security="Inherited"
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*
á*NULL*s*NULL*t*NULL*i*NULL*\CurVer]
@Security="Inherited"
@="BDATuner.Součásti.1"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*
á*NULL*s*NULL*t*NULL*i*NULL*.*NULL*1*NULL*]
@Owner=Administrators
@="Kolekce součástí modelů ladění BDA (podproudy všesměrového vysílání)"

[HKEY_LOCAL_MACHINE\software\Classes\B*NULL*D*NULL*A*NULL*T*NULL*u*NULL*n*NULL*e*NULL*r*NULL*.*NULL*S*NULL*o*NULL*u*NULL*
á*NULL*s*NULL*t*NULL*i*NULL*.*NULL*1*NULL*\CLSID]
@Security="Inherited"
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog\System\V*NULL*y*NULL*m*NULL*n*NULL*i*NULL*t*NULL*e*NULL*l*NULL*n*NULL*é*NULL* *NULL*ú*NULL*l*NULL*o*NULL*~i*NULL*at*NULL*]
@Security="Inherited"
"EventMessageFile"=expand:"%SystemRoot%\\System32\\NTMSEVT.DLL"
"TypesSupported"=dword:00000007
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Real\RealPlayer\RealPlay.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-01-01 11:47:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-01-01 10:47:40

Před spuštěním: Volných bajtů: 68,884,692,992
Po spuštění: Volných bajtů: 69,679,775,744

675 --- E O F --- 2008-12-13 11:22:32

Re: Virus - catastrophe

Posted: 01 Jan 2009 21:30
by AlbiDC.
I think the error is somewhere around here, but I'm not sure exactly where

50,00,72,00,6f,01,76,00,6f,00,64,00,63,00,65,00,20,00,66,00,75,00,6e,00,6b,\
00,6a,00,03,00,04,00,ef,be,72,39,69,82,8c,39,00,b8,14,00,54,00,50,00,72,00,\
6f,01,76,00,6f,00,64,00,63,00,65,00,20,00,66,00,75,00,6e,00,6b,00,63,00,65,\
00,6d,00,69,00,20,00,75,00,73,00,6e,00,61,00,64,00,6e,00,1b,01,6e,00,ed,00,\
2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,\

sorry if that wasn't funny... :D :inlove:

Re: Virus - catastrophe

Posted: 01 Jan 2009 21:38
by tanuli
Sorry, but I'm a complete amateur and I'm glad that I can ask for advice here and don't have to run around town looking for someone to help me. A good piece of advice is enough for me and I'll work my way out of it somehow. Thanks

Re: Virus - catastrophe

Posted: 01 Jan 2009 21:49
by jaro3
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code:

File::
c:\windows\iun6002.exe

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT

Test this on Virustotal
c:\windows\DUMP3e31.tmp
Paste the result here.
ComboFix deleted almost everything; how is the computer behaving?

Re: Virus - catastrophe

Posted: 01 Jan 2009 22:24
by tanuli
ComboFix 08-12-31.01 - Administrator 2009-01-01 11:50:09.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.478.187 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\TermVir.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-01 do 2009-01-01 )))))))))))))))))))))))))))))))
.

2009-01-01 11:57 . 2009-01-01 11:57 <DIR> d-------- c:\program files\ESET
2009-01-01 11:57 . 2009-01-01 11:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-01 11:44 . 2009-01-01 11:44 <DIR> d--hs---- C:\FOUND.001
2008-12-13 12:32 . 2008-12-13 12:32 49 --a------ c:\windows\NeroDigital.ini
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:29 . 2008-12-13 12:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ahead
2008-12-13 12:27 . 2008-12-13 12:27 <DIR> d-------- c:\program files\Ahead
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\program files\Software602
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\program files\Common Files\soft602
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-12-13 12:10 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2008-12-13 12:10 . 2008-06-23 10:56 3,756,032 --a------ c:\windows\system32\cdintf300.dll
2008-12-13 12:10 . 2007-07-30 14:36 1,843,200 --a------ c:\windows\system32\acXMLParser.dll
2008-12-13 12:10 . 2006-11-04 15:14 1,245,696 --a------ c:\windows\system32\msxml4.dll
2008-12-13 12:10 . 2003-04-18 16:29 82,432 --a------ c:\windows\system32\msxml4r.dll
2008-12-13 12:10 . 2003-04-18 16:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2008-12-13 12:10 . 2003-05-12 12:04 402 --a------ c:\windows\system32\msxml4.inf
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:59 . 2008-12-13 11:59 <DIR> d--h----- c:\documents and settings\Administrator\Data aplikací\drivers
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:57 . 2008-12-13 11:57 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Free Download Manager
2008-12-13 11:56 . 2008-12-13 11:56 <DIR> d-------- c:\program files\Free Download Manager
2008-12-13 11:56 . 2008-12-13 11:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FreeDownloadManager.ORG
2008-12-13 11:49 . 2008-12-13 11:49 <DIR> d-------- C:\hijackthis
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\skypePM
2008-12-13 11:48 . 2008-12-13 11:48 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\program files\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:45 . 2008-12-13 11:45 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Skype
2008-12-13 11:44 . 2008-12-13 11:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\avg8
2008-12-13 11:42 . 2008-12-13 11:42 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 10:41 90,112 ----a-w c:\windows\DUMP3e31.tmp
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-30 16:28 --------- d-----w c:\program files\EA SPORTS
2008-11-23 21:11 --------- d-----w c:\program files\ICQ6Toolbar
2008-11-23 21:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\program files\ICQ6.5
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 21:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-23 20:50 --------- d-----w c:\program files\Java
2008-11-23 20:50 --------- d-----w c:\program files\Common Files\Java
2008-11-23 20:45 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2008-11-23 16:35 --------- d-----w c:\program files\Zoner
2008-11-23 16:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-23 16:11 --------- d-----w c:\program files\Google
2008-11-23 16:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-23 16:08 --------- d-----w c:\program files\NOS
2008-11-23 16:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\NOS
2008-11-19 11:41 --------- d-----w c:\program files\Codec Pack - All In 1
2008-11-19 11:36 --------- d-----w c:\program files\totalcmd
2008-11-19 10:25 --------- d-----w c:\program files\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2008-11-19 10:21 --------- d-----w c:\program files\Real
2008-11-19 10:21 --------- d-----w c:\program files\Common Files\xing shared
2008-11-19 10:21 --------- d-----w c:\program files\Common Files\Real
2008-11-19 10:19 --------- d-----w c:\program files\Mv2Player
2008-11-19 10:15 --------- d-----w c:\program files\7-Zip
2008-11-19 10:13 --------- d-----w c:\program files\Microsoft Works
2008-11-19 10:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-19 10:12 --------- d-----w c:\program files\Alwil Software
2008-11-18 16:22 --------- d-----w c:\program files\microsoft frontpage
2008-11-18 16:21 --------- d-----w c:\program files\Broadcom
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:21 --------- d-----w c:\documents and settings\Administrator\Data aplikací\InterVideo
2008-11-18 16:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 16:19 --------- d-----w c:\program files\SP31763
2008-11-18 16:19 --------- d-----w c:\program files\InterVideo
2008-11-18 16:19 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-07 15:45 2,174,976 ----a-w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-01_11.46.40.94 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-01 10:58:16 10,134 ----a-r c:\windows\Installer\{7514727A-3ECA-40A1-A73E-9CF9D8463CB3}\callmsi.exe
+ 2009-01-01 10:58:16 136,448 ----a-r c:\windows\Installer\{7514727A-3ECA-40A1-A73E-9CF9D8463CB3}\egui.exe
+ 2008-07-01 07:56:22 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-07-01 07:57:14 53,256 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-07-01 08:04:40 34,312 ----a-w c:\windows\system32\drivers\epfwtdir.sys
+ 2009-01-01 10:47:02 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_120.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-23 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-11-18 184320]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-23 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2007-08-02 69120]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 11:51:25
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Logfile of HijackThis v1.99.1
Scan saved at 11:54:52, on 1.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
E:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

Soubor DUMP3e31.tmp přijatý 2009.01.01 22:06:06 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/38 (0%)

The computer is 100% better, but my internet isn't working. :-(