Please check my log: SVCHOST.EXE 100% CPU (Solved)



Post by holus » 20 Dec 2009 21:46

Please check my log. SVCHOST.EXE is pushing my CPU to 100%. Only when Windows starts without the network cable plugged in is everything OK. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:30, on 20.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
d:\Programy01\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
D:\Programy\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
d:\Programy01\UltraVNC\WinVNC.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\CpuIdle\cpuidle.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\Programy\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\HonzaH\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\HonzaH\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "d:\Programy\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [pdfSaver3] "d:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - D:\Programy01\eSnips\res\SnipIt.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Programy01\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Programy01\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (PhotoUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://ovanet.cz/activex/AxisCamControl.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/ ... loader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Norton Ghost 2003\GhostStartService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: uvnc_service - UltraVNC - d:\Programy01\UltraVNC\WinVNC.exe
O23 - Service: wampapache - Apache Software Foundation - d:\Program Files\wamp\Apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - d:\Program Files\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: WinRemotePC Server (WinRPC10) - Unknown owner - d:\Programy01\WinSoftMagic\WinRemotePC\WRPCServer.exe (file missing)

--
End of file - 10168 bytes


Post by Damned » 20 Dec 2009 21:54

Download ATF Cleaner.
Double-click ATF Cleaner.exe, click "select all found", then click "empty selected".
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
*****************************************************************************************************************************************
Turn off System Restore points.

Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [pdfSaver3] "d:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - Startup: siszyd32.exe
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware.
Install it and run it
- at the end of the installation make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Post by holus » 20 Dec 2009 22:34

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3398
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2009 22:32:38
mbam-log-2009-12-20 (22-32-32).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 110671
Uplynulý čas: 7 minute(s), 37 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\KTlibeay32_0.9.7.2.dll (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\KTssleay32_0.9.7.2.dll (Trojan.FakeAlert) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\HonzaH\Nabídka Start\Programy\Po spuštění\siszyd32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HonzaH\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Program Files\setup.exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\KTlibeay32_0.9.7.2.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\KTssleay32_0.9.7.2.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\HonzaH\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.


Post by Damned » 20 Dec 2009 22:38

So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close the program via Exit

Turn off your antivirus's resident shield (and antispyware, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post by holus » 20 Dec 2009 23:20

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3398
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2009 22:48:11
mbam-log-2009-12-20 (22-48-11).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 110679
Uplynulý čas: 6 minute(s), 51 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\KTlibeay32_0.9.7.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\KTssleay32_0.9.7.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\HonzaH\Nabídka Start\Programy\Po spuštění\siszyd32.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\HonzaH\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KTlibeay32_0.9.7.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KTssleay32_0.9.7.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HonzaH\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Data aplikací\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.


Post by holus » 20 Dec 2009 23:21

ComboFix 09-12-19.03 - HonzaH 20.12.2009 23:11:16.1.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.585 [GMT 1:00]
Spuštěný z: g:\oprava\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HonzaH\Local Settings\Temporary Internet Files\MF9729ED.gif
C:\Tmp8C1.tmp
C:\TmpDCE.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-20 do 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-20 19:33 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 19:33 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 19:25 . 2009-12-16 19:25 -------- d-----w- C:\FOUND.003
2009-12-15 20:58 . 2009-12-15 20:58 142 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-06 19:41 . 2009-12-06 19:41 -------- d-----w- c:\program files\Common Files\Skype
2009-11-30 06:05 . 2009-11-30 06:05 -------- d-----w- C:\FOUND.002
2009-11-29 19:34 . 2009-11-29 19:34 -------- d-----w- c:\program files\Microsoft
2009-11-29 19:33 . 2009-11-29 19:33 -------- d-----w- c:\windows\system32\IE700
2009-11-29 19:32 . 1997-03-11 23:00 194736 ----a-w- c:\windows\system\JSCRPT16.DLL
2009-11-29 19:32 . 1997-03-11 23:00 141456 ----a-w- c:\windows\system\SCHNL16.DLL
2009-11-23 19:28 . 2009-11-23 19:28 -------- d-----w- C:\FOUND.001

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 21:51 . 2008-03-23 20:42 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-09 15:43 . 2007-09-07 20:39 534372 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-12-09 15:43 . 2001-10-25 11:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 15:43 . 2001-10-25 11:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2009-11-08 20:13 . 2009-11-08 20:13 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-10-29 07:43 . 2006-06-21 20:41 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-06-21 20:52 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:40 . 2006-06-21 20:52 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2006-06-21 20:52 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-06-21 20:41 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-06-21 20:41 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-06-21 20:41 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-03-02 06:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 14:42 . 2003-03-17 22:00 503808 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-07 14:42 . 2003-02-20 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-07 14:42 . 2007-01-26 08:18 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-07 14:39 . 2009-11-20 20:03 2134016 ----a-w- c:\windows\system32\cdintf251.dll
2009-09-23 08:41 . 2007-09-19 18:00 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2005-09-09 18:55 . 2006-06-21 22:15 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-09 18:55 . 2006-06-21 22:15 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-09 18:55 . 2006-06-21 22:15 37766164 ----a-w- c:\program files\Data1.cab
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="d:\programy\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"CpuIdle"="c:\program files\CpuIdle\cpuidle.exe" [2004-11-20 807428]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-17 921600]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-4-28 633856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\MirandaPack\\miranda32.exe"=
"d:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"d:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"d:\\Programy\\Miranda Plus nova\\miranda32.exe"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\SJLabs\\SJphone\\SJphone.exe"=
"d:\\Programy\\CZDCPlusPlus-0666[J]\\CZDCPlusPlus.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Programy\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\wamp\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\System32\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"d:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"=
"d:\\Programy\\PYSoft Broadcaster\\Broadcaster.exe"=
"d:\\Program Files\\webcamXP\\webcamXP.exe"=
"d:\\Programy\\StrongDC204\\StrongDC.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Atexty\\Honza\\winbox.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Windows Media Player\\WMPLAYER.EXE"=
"d:\\Atexty\\wifi\\Microtic-router\\winbox.exe"=
"d:\\Atexty\\wifi\\TP-Link\\firm-200872391554\\tftpd32.exe"=
"d:\\Programy\\radioPlayer\\radioplayer.exe"=
"d:\\temp\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"d:\\Programy01\\UltraVNC\\winvnc.exe"=
"g:\\Programy\\QIP\\qip.exe"=
"g:\\Programy\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"d:\\Programy01\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"8080:TCP"= 8080:TCP:Webcamera
"5900:TCP"= 5900:TCP:vnc5900
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5800:TCP"= 5800:TCP:vnc5800

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [19.7.2007 16:21 77312]
R1 GhPciScan;GhostPciScanner;d:\program files\Norton Ghost 2003\GhPciScan.sys [14.7.2007 0:21 5632]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 uvnc_service;uvnc_service;d:\programy01\UltraVNC\winvnc.exe [1.10.2009 18:39 1589704]
R3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [3.4.2007 20:59 4134]
R3 PhTVTune;ASUS TV7134 WDM TVTuner;c:\windows\system32\drivers\phtvtune.sys [3.4.2007 20:57 26848]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys --> c:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S2 WinRPC10;WinRemotePC Server;d:\programy01\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:14801308-40E2C9B6-WinRPC10 --> d:\programy01\WinSoftMagic\WinRemotePC\WRPCServer.exe [?]
S3 BroadCamService;BroadCam Service;c:\program files\NCH Software\BroadCam\broadCam.exe [13.6.2007 9:42 368644]
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2.6.2009 11:40 37120]
S3 radmrdd;radmrdd;c:\windows\system32\DRIVERS\radmrdd.sys --> c:\windows\system32\DRIVERS\radmrdd.sys [?]
S3 zebratap;NeoRouter Network Interface;c:\windows\system32\drivers\zebratap.sys [29.3.2009 22:24 25216]
S4 Bths_da;Bths_da; [x]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mWindow Title = IE 4.01 (Microsoft Internet Explorer)
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Snip to my eSnips account - d:\programy01\eSnips\res\SnipIt.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5F509E42-537E-482B-B66C-145BC170054C} - hxxp://sberna.fotostar.cz/snadno-vlozit ... loader.dll
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/ ... loader.cab
FF - ProfilePath - c:\documents and settings\HonzaH\Data aplikací\Mozilla\Firefox\Profiles\0xyc2vci.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - SluneÄŤnice
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\HonzaH\Data aplikací\Mozilla\Firefox\Profiles\0xyc2vci.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\HonzaH\Data aplikací\Mozilla\Firefox\Profiles\0xyc2vci.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPXStandard.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-pdfSaver3 - (no file)
HKLM-Run-ClientGW - (no file)
HKLM-Run-eSnips - (no file)
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
AddRemove-Call of Duty - d:\hry\Call of Duty\Main\Odinstalovat.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Zipeg - c:\program files\Zipeg\zipeg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 23:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinRPC10]
"ImagePath"="d:\programy01\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:14801308-40E2C9B6-WinRPC10"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-725345543-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB5BEDD6-EAE5-455E-56BD-C484F3F1F5F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"facliiejfjjj"=hex:68,61,61,69,68,6c,68,6c,6c,6d,66,6d,62,63,66,63,00,01
"facliiejfjij"=hex:68,61,61,69,68,6c,68,6c,6c,6d,63,6e,64,63,6c,67,00,01

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Background Task Scheduler"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="URL Shortcut PropSetStorage Mapping"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\Instance]
"CLSID"="{942bc614-676c-464e-b384-d3202aaa02da}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft BrowserBand"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Fade Task"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE OrderListExport"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Desk Bar"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shared Task Scheduler"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE AutoComplete"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="TravelLog"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Subscribe Dialog"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Navigation Bar"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDataObjectWrapper"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Site"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Band"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Document"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\ProgID]
@="xmlfile"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Tasks"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft History AutoComplete List"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Tracking Shell Menu"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE BandProxy"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Private Profile Object"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDropSourceWrapper"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Executable"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}\InprocServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="INI Property Set Storage Handler"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}\InProcServer32]
@=expand:"ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE MRU AutoComplete List"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Folder"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\ShellFolder]
"Attributes"=dword:a0000000

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Shell Folder AutoComplete List"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread Handshake"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread State"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Bands"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}\InprocServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS FeedFolder Tasks"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Shell Name Space ListView"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Multiple AutoComplete List Container"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Microsoft Browser Architecture"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\ShellFolder]
"Attributes"=dword:a0000050

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Rebar BandSite"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Docking Bar Property Bag"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="PSFactoryBuffer"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@Class="REG_SZ"
@="ieproxy.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories conditional cache daemon"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Application State"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Band Site Menu"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ProtectedModeAPI"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="&Links"
"MenuTextPUI"="@ieframe.dll,-13138"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Registry Tree Options Utility"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE User Assist"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft CommBand"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Custom MRU AutoCompleted List"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Moniker"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}]
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="IBrowserService"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\NumMethods]
@="33"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\ProxyStubClsid32]
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IBrowserFrame"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\NumMethods]
@Class="REG_SZ"
@="16"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\ProxyStubClsid32]
@Class="REG_SZ"
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}]
@Class="REG_SZ"
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="IBrowserWindows"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}\NumMethods]
@Class="REG_SZ"
@="8"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}\ProxyStubClsid32]
@Class="REG_SZ"
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}]
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="ITravelLog"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\NumMethods]
@="14"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\ProxyStubClsid32]
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabBrowserService"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\NumMethods]
@Class="REG_SZ"
@="6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\ProxyStubClsid32]
@Class="REG_SZ"
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}]
@Class="REG_SZ"
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="ITravelLogUI"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\NumMethods]
@Class="REG_SZ"
@="6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\ProxyStubClsid32]
@Class="REG_SZ"
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindow"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\NumMethods]
@Class="REG_SZ"
@="28"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\ProxyStubClsid32]
@Class="REG_SZ"
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindowManager"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\NumMethods]
@Class="REG_SZ"
@="17"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\ProxyStubClsid32]
@Class="REG_SZ"
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1120)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-12-20 23:17:35
ComboFix-quarantined-files.txt 2009-12-20 22:17

Před spuštěním: Volných bajtů: 49 589 452 800
Po spuštění: Volných bajtů: 49 599 512 576

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 84E2107405F511CF0E026A0DC9FD4BE0

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male

Re: Log check request: SVCHOST.EXE 100% CPU

Post by Damned » 20 Dec 2009 23:48

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:

File::
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\PerfStringBackup.TMP

FireFox::
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

Folder::
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001

Driver::
Bths_da;Bths_da
Bths_da
catchme

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\Instance]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\ShellFolder]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\ShellFolder]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\NumMethods]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\NumMethods]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}\NumMethods]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\NumMethods]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\NumMethods]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\NumMethods]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\NumMethods]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\NumMethods]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\ProxyStubClsid32]





Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe
and, when the two files overlap, drop the script.

- ComboFix starts automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT, and describe how the computer behaves

holus

Re: Please check my log SVCHOST.EXE 100% CPU

Post by holus » 21 Dec 2009 07:19

ComboFix 09-12-20.03 - HonzaH 21.12.2009 7:06.2.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.675 [GMT 1:00]
Spuštěný z: c:\documents and settings\HonzaH\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\HonzaH\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}

FILE ::
"c:\windows\system32\fjhdyfhsn.bat"
"c:\windows\system32\PerfStringBackup.TMP"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.001
c:\found.001\FILE0000.CHK
c:\found.001\FILE0001.CHK
C:\FOUND.002
c:\found.002\FILE0000.CHK
c:\found.002\FILE0001.CHK
c:\found.002\FILE0002.CHK
c:\found.002\FILE0003.CHK
C:\FOUND.003
c:\found.003\FILE0000.CHK
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\PerfStringBackup.TMP

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CATCHME
-------\Service_Bths_da
-------\Service_catchme


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-21 do 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-20 19:33 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 19:33 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-06 19:41 . 2009-12-06 19:41 -------- d-----w- c:\program files\Common Files\Skype
2009-11-29 19:34 . 2009-11-29 19:34 -------- d-----w- c:\program files\Microsoft
2009-11-29 19:33 . 2009-11-29 19:33 -------- d-----w- c:\windows\system32\IE700
2009-11-29 19:32 . 1997-03-11 23:00 194736 ----a-w- c:\windows\system\JSCRPT16.DLL
2009-11-29 19:32 . 1997-03-11 23:00 141456 ----a-w- c:\windows\system\SCHNL16.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 06:12 . 2008-03-23 20:42 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-09 15:43 . 2001-10-25 11:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 15:43 . 2001-10-25 11:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2009-11-08 20:13 . 2009-11-08 20:13 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-10-29 07:43 . 2006-06-21 20:41 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-06-21 20:52 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:40 . 2006-06-21 20:52 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2006-06-21 20:52 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-06-21 20:41 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-06-21 20:41 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-06-21 20:41 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-03-02 06:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 14:42 . 2003-03-17 22:00 503808 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-07 14:42 . 2003-02-20 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-07 14:42 . 2007-01-26 08:18 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-07 14:39 . 2009-11-20 20:03 2134016 ----a-w- c:\windows\system32\cdintf251.dll
2009-09-23 08:41 . 2007-09-19 18:00 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2005-09-09 18:55 . 2006-06-21 22:15 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-09 18:55 . 2006-06-21 22:15 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-09 18:55 . 2006-06-21 22:15 37766164 ----a-w- c:\program files\Data1.cab
.

((((((((((((((((((((((((((((( SnapShot@2009-12-20_22.15.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-21 06:13 . 2009-12-21 06:13 16384 c:\windows\Temp\Perflib_Perfdata_450.dat
+ 2008-05-28 07:41 . 2009-12-21 05:49 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-05-28 07:41 . 2009-08-21 19:24 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-07-18 04:21 . 2009-07-18 04:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="d:\programy\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"CpuIdle"="c:\program files\CpuIdle\cpuidle.exe" [2004-11-20 807428]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-17 921600]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-4-28 633856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\MirandaPack\\miranda32.exe"=
"d:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"d:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"d:\\Programy\\Miranda Plus nova\\miranda32.exe"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\SJLabs\\SJphone\\SJphone.exe"=
"d:\\Programy\\CZDCPlusPlus-0666[J]\\CZDCPlusPlus.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Programy\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\wamp\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\System32\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"d:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"=
"d:\\Programy\\PYSoft Broadcaster\\Broadcaster.exe"=
"d:\\Program Files\\webcamXP\\webcamXP.exe"=
"d:\\Programy\\StrongDC204\\StrongDC.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Atexty\\Honza\\winbox.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Windows Media Player\\WMPLAYER.EXE"=
"d:\\Atexty\\wifi\\Microtic-router\\winbox.exe"=
"d:\\Atexty\\wifi\\TP-Link\\firm-200872391554\\tftpd32.exe"=
"d:\\Programy\\radioPlayer\\radioplayer.exe"=
"d:\\temp\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"d:\\Programy01\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"d:\\Programy01\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"8080:TCP"= 8080:TCP:Webcamera
"5900:TCP"= 5900:TCP:vnc5900
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5800:TCP"= 5800:TCP:vnc5800

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [19.7.2007 16:21 77312]
R1 GhPciScan;GhostPciScanner;d:\program files\Norton Ghost 2003\GhPciScan.sys [14.7.2007 0:21 5632]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 uvnc_service;uvnc_service;d:\programy01\UltraVNC\winvnc.exe [1.10.2009 18:39 1589704]
R3 PhTVTune;ASUS TV7134 WDM TVTuner;c:\windows\system32\drivers\phtvtune.sys [3.4.2007 20:57 26848]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys --> c:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S2 WinRPC10;WinRemotePC Server;d:\programy01\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:14801308-40E2C9B6-WinRPC10 --> d:\programy01\WinSoftMagic\WinRemotePC\WRPCServer.exe [?]
S3 BroadCamService;BroadCam Service;c:\program files\NCH Software\BroadCam\broadCam.exe [13.6.2007 9:42 368644]
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2.6.2009 11:40 37120]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [3.4.2007 20:59 4134]
S3 radmrdd;radmrdd;c:\windows\system32\DRIVERS\radmrdd.sys --> c:\windows\system32\DRIVERS\radmrdd.sys [?]
S3 zebratap;NeoRouter Network Interface;c:\windows\system32\drivers\zebratap.sys [29.3.2009 22:24 25216]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mWindow Title = IE 4.01 (Microsoft Internet Explorer)
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Snip to my eSnips account - d:\programy01\eSnips\res\SnipIt.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5F509E42-537E-482B-B66C-145BC170054C} - hxxp://sberna.fotostar.cz/snadno-vlozit ... loader.dll
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/ ... loader.cab
FF - ProfilePath - c:\documents and settings\HonzaH\Data aplikací\Mozilla\Firefox\Profiles\0xyc2vci.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - SluneÄŤnice
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\HonzaH\Data aplikací\Mozilla\Firefox\Profiles\0xyc2vci.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\HonzaH\Data aplikací\Mozilla\Firefox\Profiles\0xyc2vci.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPXStandard.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 07:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinRPC10]
"ImagePath"="d:\programy01\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:14801308-40E2C9B6-WinRPC10"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-725345543-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB5BEDD6-EAE5-455E-56BD-C484F3F1F5F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"facliiejfjjj"=hex:68,61,61,69,68,6c,68,6c,6c,6d,66,6d,62,63,66,63,00,01
"facliiejfjij"=hex:68,61,61,69,68,6c,68,6c,6c,6d,63,6e,64,63,6c,67,00,01

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Background Task Scheduler"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="URL Shortcut PropSetStorage Mapping"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\Instance]
"CLSID"="{942bc614-676c-464e-b384-d3202aaa02da}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft BrowserBand"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Fade Task"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE OrderListExport"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Desk Bar"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shared Task Scheduler"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE AutoComplete"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="TravelLog"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Subscribe Dialog"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Navigation Bar"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDataObjectWrapper"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Site"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Band"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Document"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\ProgID]
@="xmlfile"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Tasks"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft History AutoComplete List"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Tracking Shell Menu"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE BandProxy"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Private Profile Object"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDropSourceWrapper"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Executable"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}\InprocServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="INI Property Set Storage Handler"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}\InProcServer32]
@=expand:"ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE MRU AutoComplete List"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Folder"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\ShellFolder]
"Attributes"=dword:a0000000

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Shell Folder AutoComplete List"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread Handshake"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread State"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Bands"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}\InprocServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS FeedFolder Tasks"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Shell Name Space ListView"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Multiple AutoComplete List Container"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Microsoft Browser Architecture"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\ShellFolder]
"Attributes"=dword:a0000050

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Rebar BandSite"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Docking Bar Property Bag"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="PSFactoryBuffer"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@Class="REG_SZ"
@="ieproxy.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories conditional cache daemon"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Application State"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Band Site Menu"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ProtectedModeAPI"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="&Links"
"MenuTextPUI"="@ieframe.dll,-13138"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Registry Tree Options Utility"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE User Assist"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft CommBand"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Custom MRU AutoCompleted List"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Moniker"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}]
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="IBrowserService"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\NumMethods]
@="33"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\ProxyStubClsid32]
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IBrowserFrame"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\NumMethods]
@Class="REG_SZ"
@="16"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\ProxyStubClsid32]
@Class="REG_SZ"
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}]
@Class="REG_SZ"
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="IBrowserWindows"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}\NumMethods]
@Class="REG_SZ"
@="8"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}\ProxyStubClsid32]
@Class="REG_SZ"
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}]
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="ITravelLog"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\NumMethods]
@="14"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\ProxyStubClsid32]
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabBrowserService"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\NumMethods]
@Class="REG_SZ"
@="6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\ProxyStubClsid32]
@Class="REG_SZ"
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}]
@Class="REG_SZ"
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
@="ITravelLogUI"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\NumMethods]
@Class="REG_SZ"
@="6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\ProxyStubClsid32]
@Class="REG_SZ"
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindow"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\NumMethods]
@Class="REG_SZ"
@="28"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\ProxyStubClsid32]
@Class="REG_SZ"
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}]
@Class="REG_SZ"
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindowManager"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\NumMethods]
@Class="REG_SZ"
@="17"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\ProxyStubClsid32]
@Class="REG_SZ"
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1100)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1828)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\TortoiseSVN\Languages\TortoiseProc1029.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
d:\program files\Norton Ghost 2003\GhostStartService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Celkový čas: 2009-12-21 07:17:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-21 06:17
ComboFix2.txt 2009-12-20 22:17

Před spuštěním: Volných bajtů: 49 591 517 184
Po spuštění: Volných bajtů: 49 441 439 744

- - End Of File - - D8B1DEC1A4A3FBC5EC17F1F54AF8A682

Re: Please check my log: SVCHOST.EXE at 100% CPU

Post by holus » 21 Dec 2009 07:20

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:38, on 21.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
d:\Programy01\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\wuauclt.exe
d:\Programy01\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\CpuIdle\cpuidle.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programy\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "d:\Programy\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - D:\Programy01\eSnips\res\SnipIt.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Programy01\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Programy01\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (PhotoUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://ovanet.cz/activex/AxisCamControl.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/ ... loader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Norton Ghost 2003\GhostStartService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: uvnc_service - UltraVNC - d:\Programy01\UltraVNC\WinVNC.exe
O23 - Service: wampapache - Apache Software Foundation - d:\Program Files\wamp\Apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - d:\Program Files\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: WinRemotePC Server (WinRPC10) - Unknown owner - d:\Programy01\WinSoftMagic\WinRemotePC\WRPCServer.exe (file missing)

--
End of file - 8424 bytes

Re: Please check my log: SVCHOST.EXE at 100% CPU

Post by holus » 21 Dec 2009 07:21

Thank you very much for the unbelievably quick help. The computer is now running as it should. Thanks once again.

Re: Please check my log: SVCHOST.EXE at 100% CPU

Post by Damned » 21 Dec 2009 11:47

Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start > Run and enter Combofix[space]/uninstall

If that doesn't work and ComboFix is on the Desktop, go to Start --> Run and copy this into the box:

Code:

"%userprofile%\Plocha\combofix" /uninstall

(According to the CF community, /u was changed to uninstall; if it is on the Desktop, use the string given above)

If even that doesn't work, find and delete:
C:\327882R2FWJFW
C:\ComboFix
C:\Qoobox
C:\Combofix.txt
and Combofix.exe

Then download OTCleanIt.
- Connect to the internet and double-click to run the program
- Click the CleanUp button
- When it finishes, allow the PC to restart
- After the restart, delete this tool; it is not intended for everyday use

Clean the system with CCleaner and also use T-Cleaner (required: it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc.; download -> run)

(Note: if you have AVG, avast! or Avira, deactivate AVG, avast! and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleanup, then delete T-Cleaner and turn AVG, avast!, Avira back on.)


Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.


If anything shows up again, stop by.
Mark the topic as solved (green check mark) and take care. :bigups:
