Internet connection keeps dropping, HijackThis log cannot be sent by e-mail

Kryšpín
Visitor
Posts: 34
Registered: 16 Dec 2004 09:39

#1 Post by Kryšpín »

Hello. At work, the antivirus (ESET NOD) on our computer keeps showing some alert with nonsensical addresses that we are supposedly connecting to, according to NOD. The network administrator could not do anything about it. I tried creating a log in HijackThis (the only tool I have learned to work with) and wanted to check it at http://www.hijackthis.de/cz, but the page was not available. I tried sending the log home, but the e-mail would not send. So I zipped it and that finally worked. (Blocking the sending of the log is quite a good trick. :wink: ) At home I tried checking it through that service, and from here it works.
There is a proxy server setting in it, and next to it a name that rings a bell (Nasty); I think I already had some problem with this a few years ago. Unfortunately I am more of a user, so I no longer remember. It seems, though, that we will have to deal with this ourselves at work. I will try to fix it with HijackThis; I am sure there should be no proxy server setting there. But something tells me that will not be the end of it... If you think the same, please advise me what to do next and how. Thank you. (I will not get to work until Monday, so there is no great hurry.)
Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:21, on 7.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetTime\NeTmSvNT.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LFXGDIPO.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinMedicalc\WinMedicalc.exe
C:\Documents and Settings\chir-lekar.MNCASLAV\Dokumenty\Stažené soubory\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7294162531
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MNCASLAV.local
O17 - HKLM\Software\..\Telephony: DomainName = MNCASLAV.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MNCASLAV.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\NetTime\NeTmSvNT.exe

--
End of file - 4442 bytes
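
Added example, not part of the original post: a Python triage helper that pulls WinINET proxy values out of HijackThis `R1` lines such as the `ProxyServer = http=127.0.0.1:5555` entry in the log above (it also accepts the OTL `IE -` line format) and reports entries that point at a loopback address. The function names, the sample SID and `proxy.example.test` are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample in two line formats: HijackThis ("R1 - ...") and OTL ("IE - ...").
# The SID and proxy.example.test are made up for this example.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555;https=proxy.example.test:3128
"""

# Matches a Proxy* value under "...\Internet Settings" in either log format.
LINE_RE = re.compile(
    r'^(?:R\d|IE) - (?P<hive>.+?)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings(?:,|: )"?(?P<name>Proxy\w+)"? = (?P<value>.*)$',
    re.IGNORECASE,
)


def parse_proxy_server(value):
    """Split a ProxyServer string into (protocol, host, port) tuples.

    Handles both "host:port" (all protocols) and "http=host:port;https=host:port".
    """
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, addr = part.partition("=")
        if not sep:                        # plain "host:port" applies to every protocol
            proto, addr = "all", part
        addr = addr.split("://", 1)[-1]    # tolerate "http=http://host:port"
        host, _, port = addr.rpartition(":")
        if not host or addr.endswith("]"):  # no port given (or bare bracketed IPv6)
            host, port = addr, ""
        entries.append((proto.lower(), host.strip("[]"),
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(log_text):
    """Return one finding per loopback proxy entry, grouped by registry hive."""
    settings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hive = settings.setdefault(m["hive"].upper(), {})
            hive[m["name"].lower()] = m["value"].strip()

    findings = []
    for hive, values in settings.items():
        # ProxyEnable decides whether the ProxyServer value is actually used.
        enabled = {"0": False, "1": True}.get(values.get("proxyenable"))
        state = {True: "active", False: "stale", None: "unknown"}[enabled]
        for proto, host, port in parse_proxy_server(values.get("proxyserver", "")):
            if is_loopback(host):
                findings.append({"hive": hive, "protocol": proto, "host": host,
                                 "port": port, "proxy_enabled": enabled,
                                 "state": state})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A state of `unknown` means the log did not include `ProxyEnable` for that hive, as with the HijackThis line above, where only `ProxyServer` is listed.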

#2 Post by Kryšpín »

So I ran over to work and I have the log. It could not be posted from that computer, though; just as with the attempt to send the e-mail, something blocked the submission (it said that your forum page is temporarily unavailable). I am sending it from home, brought over on a flash drive. I hope the beast will not keep doing this, or I would be doing a lot of running around :) Or that it does not somehow move over to my home computer...

Logfile of random's system information tool 1.06 (written by random/random)
Run by chir-lekar at 2010-05-07 22:09:34
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 246 GB (81%) free of 305 GB
Total RAM: 2038 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:37, on 7.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetTime\NeTmSvNT.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LFXGDIPO.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinMedicalc\WinMedicalc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\RSIT1.06.exe
C:\Documents and Settings\chir-lekar.MNCASLAV\Dokumenty\Stažené soubory\chir-lekar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7294162531
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MNCASLAV.local
O17 - HKLM\Software\..\Telephony: DomainName = MNCASLAV.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MNCASLAV.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\NetTime\NeTmSvNT.exe

--
End of file - 4505 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-07 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-04-20 162584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-04-20 142104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetTime]
C:\Program Files\NetTime\NetTime.exe [2003-01-31 3791032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-04-20 138008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^chir-lekar.MNCASLAV^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-09-16 384512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\UniServer\usr\local\apache2\bin\Apache.exe"="C:\UniServer\usr\local\apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\JustVoip\JustVoip.exe"="C:\Program Files\JustVoip\JustVoip.exe:*:Enabled:JustVoip"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\tera\tera32.exe"="C:\tera\tera32.exe:*:Enabled:tera32"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638cf0ba-e002-11de-9af8-002421b8456d}]
shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe


======List of files/folders created in the last 1 months======

2010-05-07 22:07:29 ----D---- C:\rsit
2010-05-05 20:55:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-05-05 20:54:57 ----D---- C:\WINDOWS\pss
2010-05-05 20:54:05 ----A---- C:\WINDOWS\PCTBDCore.dll.old
2010-05-05 20:52:46 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-05-05 18:37:11 ----D---- C:\Program Files\Crawler
2010-04-28 12:36:10 ----A---- C:\PinnacleStudio14Trial.exe
2010-04-21 07:11:27 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-20 08:46:03 ----D---- C:\Program Files\Zeallsoft
2010-04-16 19:59:40 ----D---- C:\Program Files\Common Files\Adobe
2010-04-16 19:59:40 ----D---- C:\Program Files\Adobe
2010-04-15 15:28:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 15:27:57 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 15:27:56 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-04-15 15:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-15 15:27:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-15 15:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 15:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-13 23:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-13 23:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-07 22:08:59 ----D---- C:\WINDOWS\Temp
2010-05-07 22:07:38 ----D---- C:\WINDOWS\Prefetch
2010-05-07 16:04:13 ----D---- C:\Program Files\WinMedicalc
2010-05-06 18:06:59 ----D---- C:\Program Files\JustVoip
2010-05-06 13:08:37 ----RD---- C:\Program Files
2010-05-06 12:32:55 ----RASH---- C:\boot.ini
2010-05-06 12:32:55 ----A---- C:\WINDOWS\win.ini
2010-05-06 12:32:55 ----A---- C:\WINDOWS\system.ini
2010-05-06 12:29:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-06 11:27:37 ----D---- C:\Program Files\Common Files
2010-05-06 11:27:01 ----D---- C:\WINDOWS\system32\drivers
2010-05-06 11:26:57 ----D---- C:\WINDOWS
2010-05-06 11:24:20 ----D---- C:\WINDOWS\system32
2010-05-06 07:06:43 ----SHD---- C:\WINDOWS\CSC
2010-05-05 21:33:16 ----AD---- C:\tera
2010-05-05 20:53:02 ----SHD---- C:\WINDOWS\Installer
2010-05-05 20:53:01 ----D---- C:\WINDOWS\WinSxS
2010-05-05 20:53:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-05-03 19:08:56 ----D---- C:\Program Files\Avidemux 2.5
2010-05-01 15:46:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-29 12:43:05 ----D---- C:\Program Files\Mozilla Firefox
2010-04-26 07:32:28 ----HD---- C:\WINDOWS\inf
2010-04-16 19:59:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-04-15 15:28:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-15 15:28:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 15:28:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-15 15:28:04 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-29 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-07 153376]
R2 NetTimeSvc;NetTime; C:\Program Files\NetTime\NeTmSvNT.exe [2003-01-31 452096]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#3 Post by Kryšpín »

So far this has happened: I downloaded ComboFix, renamed it to abraca.com and ran it (unfortunately from the flash drive; I wanted to display these instructions, but this page is blocked from that computer and I did not remember them).
It wanted to download the Recovery Console... that was done, then it announced that there is a rootkit and that it needs a restart; after the restart an automatic scan started, and it has now been those 20 minutes and it is at: Dokončeno fáze_49

Nothing further has happened for 15 minutes.
I will go back and terminate it, as you recommend, and try the other one.
And I will also put both of them on the desktop.

I will probably post the result tomorrow.

#4 Post by Kryšpín »

So ComboFix again stopped at fáze_49, so I terminated it. But at the start nothing restarted and it did not report anything about a rootkit, unlike last time. No log opened, and I did not find it on C: at the stated path either. There is only an icon there (on C:) named abraka, with the look and behaviour of "My Computer", which I would say was not there last time...
GMER somehow collapsed the first time (grey screen and a hard restart was necessary); the second time it finished, and here are the logs:
Short:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-10 08:26:35
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CHIR-L~1.MNC\LOCALS~1\Temp\kwldquoc.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\CHIR-L~1.MNC\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

Long:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 11:04:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CHIR-L~1.MNC\LOCALS~1\Temp\kwldquoc.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\CHIR-L~1.MNC\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
I will try to submit it and see whether it goes through.

And it went through, so at least something positive :) . Before, it was blocking this forum too...

#5 Post by Kryšpín »

The Qoobox folder was created, but ESET kept deleting one file from it, in the quarantine folder (quaranti..), saying that it is a trojan. The administrator told me how to turn ESET off (it is password-protected), so you have it in the attachment down here. I do not know where else to upload it. I hope it does not matter this way. I am going to do the other thing now. Thanks for now.
Attachments
Qoobox.zip
(9.41 KiB) Downloaded 46 times

#6 Post by Kryšpín »

OTL logfile created on: 10.5.2010 18:24:01 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 239,98 Gb Free Space | 80,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHIR-LEKARVBH
Current User Name: chir-lekar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.10 18:16:59 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\OTL.exe
PRC - [2010.04.04 09:11:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.07 10:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.10.07 10:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.30 07:32:54 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LFXGDIPO.EXE
PRC - [2003.01.31 00:35:45 | 000,452,096 | ---- | M] (Subjective Software) -- C:\Program Files\NetTime\NeTmSvNT.exe


========== Modules (SafeList) ==========

MOD - [2010.05.10 18:16:59 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\OTL.exe
MOD - [2008.04.14 09:51:38 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008.04.14 09:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009.10.07 10:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.10.07 10:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2003.01.31 00:35:45 | 000,452,096 | ---- | M] (Subjective Software) [Auto | Running] -- C:\Program Files\NetTime\NeTmSvNT.exe -- (NetTimeSvc)


========== Driver Services (SafeList) ==========

DRV - [2009.10.07 10:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.10.07 10:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009.10.07 10:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.09.25 15:51:42 | 000,115,328 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.04.14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008.04.13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.06.18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007.04.16 08:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006.12.21 10:26:00 | 004,405,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-1343024091-854245398-2142\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal
IE - HKU\S-1-5-21-1004336348-1343024091-854245398-2142\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal
IE - HKU\S-1-5-21-1004336348-1343024091-854245398-2142\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-1343024091-854245398-2142\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1004336348-1343024091-854245398-2142\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {d1e06b91-60e6-4492-af9f-53043fa32716}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.03 16:18:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.16 20:00:22 | 000,000,000 | ---D | M]

[2009.11.09 11:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Mozilla\Extensions
[2010.05.10 11:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Mozilla\Firefox\Profiles\d8j2jph8.default\extensions
[2010.03.29 02:33:10 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Mozilla\Firefox\Profiles\d8j2jph8.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010.01.22 17:37:59 | 000,000,000 | ---D | M] (TheFreeDictionarycom Toolbar) -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Mozilla\Firefox\Profiles\d8j2jph8.default\extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}
[2010.05.10 11:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.13 21:42:25 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.13 21:42:25 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.13 21:42:25 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.13 21:42:25 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.13 21:42:25 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2007.10.29 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1004336348-1343024091-854245398-2142\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1343024091-854245398-2142\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-1343024091-854245398-2142\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-1343024091-854245398-2142\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7294162531 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MNCASLAV.local
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\chir-lekar.MNCASLAV\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\chir-lekar.MNCASLAV\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.21 19:53:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.11.21 20:38:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 7 Days ==========

[2010.05.10 18:16:54 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\OTL.exe
[2010.05.10 07:29:14 | 000,000,000 | --SD | C] -- C:\abraka
[2010.05.09 21:22:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.09 21:19:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.05.09 21:19:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.05.09 21:19:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.05.09 21:19:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.05.09 21:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.09 21:17:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.07 22:07:29 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.06 16:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2010.05.05 21:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Local Settings\Data aplikací\Threat Expert
[2010.05.05 20:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
[2010.05.05 20:54:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.05.05 20:54:05 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.05.05 20:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.05.05 18:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010.05.04 09:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Dokumenty\item1018520825_pudovky_cihlova_dlazba_historicka_soubory
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.05.10 18:16:59 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\OTL.exe
[2010.05.10 18:03:33 | 000,009,638 | ---- | M] () -- C:\Qoobox.zip
[2010.05.10 11:19:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.10 11:19:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.10 11:07:23 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\NTUSER.DAT
[2010.05.10 11:07:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\ntuser.ini
[2010.05.10 06:57:17 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.10 06:57:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.05.10 06:57:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.09 21:11:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.05.09 10:55:28 | 003,684,390 | R--- | M] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\abraka.com
[2010.05.07 21:49:22 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\RSIT1.06.exe
[2010.05.07 15:32:25 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Dokumenty\logg.7z
[2010.05.05 21:49:54 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\HiJackThis.lnk
[2010.05.04 15:04:29 | 000,049,081 | ---- | M] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Dokumenty\prepis_prevod_filmu_na_dvd_za_6_kc_za_minutu_17737708_1_F.jpg
[2010.05.04 09:21:21 | 000,039,236 | ---- | M] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Dokumenty\item1018520825_pudovky_cihlova_dlazba_historicka.html
[2010.05.03 22:52:36 | 000,506,384 | ---- | M] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\Pred_letem.jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.10 18:03:33 | 000,009,638 | ---- | C] () -- C:\Qoobox.zip
[2010.05.09 21:59:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\gmer.exe
[2010.05.09 21:59:02 | 003,684,390 | R--- | C] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\abraka.com
[2010.05.09 21:59:02 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\RSIT1.06.exe
[2010.05.09 21:22:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.05.09 21:22:20 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.05.09 21:19:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.05.09 21:19:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.05.09 21:19:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.05.09 21:19:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.05.09 21:19:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.05.07 15:32:25 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Dokumenty\logg.7z
[2010.05.05 21:49:54 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\HiJackThis.lnk
[2010.05.04 15:04:29 | 000,049,081 | ---- | C] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Dokumenty\prepis_prevod_filmu_na_dvd_za_6_kc_za_minutu_17737708_1_F.jpg
[2010.05.04 09:21:20 | 000,039,236 | ---- | C] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Dokumenty\item1018520825_pudovky_cihlova_dlazba_historicka.html
[2010.05.03 22:52:36 | 000,506,384 | ---- | C] () -- C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\Pred_letem.jpg
[2010.01.08 02:51:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.08 02:51:04 | 004,483,443 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010.01.08 02:51:04 | 001,409,890 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010.01.08 02:51:04 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.01.08 02:51:04 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010.01.08 02:51:04 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010.01.08 02:51:04 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010.01.08 02:51:04 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010.01.08 02:51:04 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010.01.08 02:51:04 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010.01.08 02:51:04 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010.01.08 02:51:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010.01.08 02:51:04 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010.01.08 02:51:04 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010.01.08 02:51:04 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010.01.08 02:51:04 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010.01.08 02:51:04 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010.01.08 02:51:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.12.15 20:12:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.10.02 08:26:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.10.01 18:08:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008.08.18 14:27:42 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007.11.21 19:29:57 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007.07.30 07:26:00 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\LFXCOINS.DLL
[2007.07.30 07:19:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LFXPJL2K.DLL
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== LOP Check ==========

[2009.11.03 11:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.05.06 11:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.01.07 23:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\avidemux
[2010.01.14 14:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\JustVoip
[2010.02.03 22:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\OpenOffice.org
[2010.01.01 21:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\VitySoft

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 09:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.04.28 13:20:30 | 2013,892,704 | ---- | M] () -- C:\PinnacleStudio14Trial.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.11.09 11:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Adobe
[2010.01.07 23:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\avidemux
[2008.11.21 19:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Identities
[2010.01.14 14:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\JustVoip
[2009.11.04 15:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Macromedia
[2010.01.08 00:10:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Microsoft
[2009.11.09 11:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Mozilla
[2010.02.03 22:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\OpenOffice.org
[2009.11.19 10:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\PSpad
[2009.11.09 11:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Skype
[2009.11.09 11:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\skypePM
[2009.12.07 14:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Sun
[2010.01.01 21:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\VitySoft

< %APPDATA%\*.exe /s >
[2009.11.04 15:26:06 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\chir-lekar.MNCASLAV\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe


< MD5 for: AGP440.SYS >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 01:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.11.21 20:44:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.11.21 20:44:08 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.11.21 20:44:08 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
< End of report >
Attachments
Extras.zip
(4.91 KiB) Downloaded 32 times

Kryšpín
Visitor
Posts: 34
Joined: 16 Dec 2004 09:39

Re: Internet keeps dropping, HijackThis log cannot be sent by e-mail

#7 Post by Kryšpín »

Is this it, please?
Infiltrations detected today:
10.5.2010 17:36:37 Rezidentní ochrana soubor C:\RECYCLER\S-1-5-21-1004336348-1343024091-854245398-2142\Dc3.vir Win32/Olmarik.ZC trojský kůň NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\WINDOWS\Explorer.EXE.
10.5.2010 17:36:37 Rezidentní ochrana soubor C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Olmarik.ZC trojský kůň NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\Explorer.EXE.
10.5.2010 17:34:43 Rezidentní ochrana soubor C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Olmarik.ZC trojský kůň NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\Explorer.EXE.
10.5.2010 17:32:09 Rezidentní ochrana soubor C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Olmarik.ZC trojský kůň NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\Explorer.EXE.
10.5.2010 17:32:03 Rezidentní ochrana soubor C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Olmarik.ZC trojský kůň NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\Explorer.EXE.
10.5.2010 17:31:01 Rezidentní ochrana soubor C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Olmarik.ZC trojský kůň NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\Program Files\7-Zip\7zG.exe.
10.5.2010 17:38:25 Rezidentní ochrana soubor C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Olmarik.ZC trojský kůň NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\Program Files\7-Zip\7zG.exe.
10.5.2010 7:30:06 Rezidentní ochrana soubor C:\DOCUME~1\CHIR-L~1.MNC\LOCALS~1\Temp\Av-test.txt Eicar testovací soubor vyléčen smazáním - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\abraka\CF17258.cfxxe.

Infiltrations detected yesterday:
9.5.2010 21:26:00 Rezidentní ochrana soubor C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Patched.EQ trojský kůň nelze léčit NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\abraka\PEV.cfxxe.
9.5.2010 21:25:59 Rezidentní ochrana soubor C:\DOCUME~1\CHIR-L~1.MNC\LOCALS~1\Temp\Av-test.txt Eicar testovací soubor vyléčen smazáním - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\abraka\CF18494.cfxxe.
9.5.2010 21:25:58 Rezidentní ochrana soubor C:\QooBox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Patched.EQ trojský kůň nelze léčit NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\abraka\CF18494.cfxxe.
9.5.2010 21:25:58 Rezidentní ochrana soubor C:\QOOBOX\32788R22FWJFW\i8042prt.sys Win32/Patched.EQ trojský kůň nelze léčit NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\system32\fc.exe.
9.5.2010 21:25:58 Rezidentní ochrana soubor C:\QooBox\32788R22FWJFW\i8042prt.sys Win32/Patched.EQ trojský kůň nelze léčit NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o spuštění souboru aplikací: C:\abraka\PEV.cfxxe.

Today's quarantine:
AV-test.txt -- Eicar testovací soubor
...A0039888.sys -- Win32/Patched.EQ trojský kůň

Kryšpín
Visitor
Posts: 34
Joined: 16 Dec 2004 09:39

Re: Internet keeps dropping, HijackThis log cannot be sent by e-mail

#8 Post by Kryšpín »

I managed to edit NOD's settings so that CF would not complain that the resident shield is running, and to run it in safe mode, but the result was the same... up to stage_49 and that was it. No log.
The only difference from your instructions is that I did not download a fresh CF but used a backup from a flash drive. Unfortunately, in safe mode, even with networking enabled, I somehow have no access to the internet.

Kryšpín
Visitor
Posts: 34
Joined: 16 Dec 2004 09:39

Re: Internet keeps dropping, HijackThis log cannot be sent by e-mail

#9 Post by Kryšpín »

Results:
ROOTREPEAL (c) AD, 2007-2009

==================================================
Scan Start Time: 2010/05/12 16:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8EA0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79B5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8AD6000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==



2010-05-12,16:52:56

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    Windows Security Update Check
    API HOOK
    Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <egui><"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice>  [(Verified)ESET, spol. s r.o.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <Vlastní nastavení prohlížeče><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Adresář 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Aktualizace plochy systému Windows><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Adobe ARM><; "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe">  [(Verified)Adobe Systems, Incorporated]
    <Alcmtr><; ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <CTFMON.EXE><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <NetTime><; C:\Program Files\NetTime\NetTime.exe>  [Subjective Software]
    <Persistence><; C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Intel Corporation]
    <RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SkyTel><; SkyTel.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

==================================
Startup Folders
N/A

==================================
Services
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Running/Auto Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[Přístup k zařízením standardu HID / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[NetTime / NetTimeSvc][Running/Auto Start]
  <C:\Program Files\NetTime\NeTmSvNT.exe><Subjective Software>

==================================
Drivers
[catchme / catchme][Stopped/Manual Start]
  <\??\C:\DOCUME~1\CHIR-L~1.MNC\LOCALS~1\Temp\catchme.sys><N/A>
[eamon / eamon][Running/Auto Start]
  <system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Running/System Start]
  <system32\DRIVERS\easdrv.sys><ESET>
[epfwtdir / epfwtdir][Running/System Start]
  <system32\DRIVERS\epfwtdir.sys><N/A>
[Ovladač Microsoft UAA pro sběrnici High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start]
  <system32\DRIVERS\motmodem.sys><Motorola>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

==================================
Browser Add-ons
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[&Zdroje informací]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_16]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_16]
  {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_16]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_16.dll, (Signed) Sun Microsystems, Inc.>
[]
  {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} <, >
[]
  {472734EA-242A-422B-ADF8-83D1E48CC825} <, >
[]
  {53707962-6F74-2D53-2644-206D7942484F} <, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[SharePoint Export Database Launcher]
  {62B4D041-4667-40B6-BB50-4BC0A5043A73} <C:\PROGRA~1\MICROS~2\Office12\OWSSUPP.DLL, (Signed) Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[SharePoint OpenDocuments Class]
  {9203C2CB-1DC1-482D-967E-597AFF270F0D} <C:\PROGRA~1\MICROS~2\Office12\OWSSUPP.DLL, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[SharePoint Stssync Handler]
  {BDEADEF5-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\Office12\OWSSUPP.DLL, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D27CDB6E-AE6D-11CF-96B8-444553550000} <, >
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll, (Signed)  Microsoft Corporation>
[NameCtrl Class]
  {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} <C:\Program Files\Microsoft Office\Office12\NAME.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[E&xportovat do aplikace Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 636 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1124 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\WinMedicalc\Oracle\oci.dll]  [Oracle Corporation, 10.2.0.1.0]
    [C:\Program Files\WinMedicalc\Oracle\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1204 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1320 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1404 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\LFXPJL2K.DLL]  [N/A, ]
[PID: 1516 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1596 / SYSTEM][C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll]  [ESET, 3.0.695 ]
[PID: 1624 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.160.1]
    [C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1680 / SYSTEM][C:\Program Files\NetTime\NeTmSvNT.exe]  [Subjective Software, 2.0.7.51]
[PID: 512 / chir-lekar][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\BROWSEUI.dll]  [Společnost Microsoft, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL]  [N/A, ]
    [C:\Program Files\7-Zip\7-zip.dll]  [Igor Pavlov,  4.60 beta]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll]  [Sun Microsystems, Inc., 3.01]
    [C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll]  [STLport Consulting, Inc., 4.5.2003.0120]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.3.2.163]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 616 / SYSTEM][C:\WINDOWS\system32\LFXGDIPO.exe]  [N/A, ]
[PID: 1304 / chir-lekar][C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll]  [ESET, 3.0.695 ]
[PID: 1724 / chir-lekar][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 2160 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 2240 / chir-lekar][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.2.3]
    [C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.2.3]
    [C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.6.16.1]
    [C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
    [C:\Program Files\Mozilla Firefox\js3250.dll]  [N/A, ]
    [C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.8.3]
    [C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.6.2 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.6.2 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.6.2]
    [C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.8.3]
    [C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.8.3]
    [C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.6.2 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.2.3]
    [C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.2.3]
    [C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.2.3]
    [C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\PNRComponent.dll]  [Skype Technologies S.A., 2, 0, 0, 3928]
    [C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll]  [Skype Technologies S.A., 1, 0, 2, 3920]
    [C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll]  [Skype Technologies S.A., 1, 0, 0, 3928]
    [C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.4.6 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.4.6 Basic ECC]
    [C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.4.6 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.78]
    [C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll]  [, ]
    [C:\WINDOWS\system32\browseui.dll]  [Společnost Microsoft, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2228 / chir-lekar][C:\WINDOWS\system32\notepad.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1096 / chir-lekar][C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.2.1321]
[PID: 552 / chir-lekar][C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\sreng2\SRE40dcdd72.EXE]  [Smallfrogs Studio, 2.8.2.1321]
    [C:\Documents and Settings\chir-lekar.MNCASLAV\Plocha\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
 Microsoft .NET Framework 1.1, česky 
KB925850,  Windows Media Player 11 
KB940157,  Služba Windows Search 4.0 pro systém Windows XP (KB940157) 
KB909520,  Balíček Základní zprostředkovatel kryptografických služeb společnosti Microsoft pro čipové karty: x86 (KB909520) 
KB963678,  Aktualizace pro nápovědu aplikace Microsoft Office Excel 2007 (KB963678) 
KB963669,  Aktualizace pro nápovědu aplikace Microsoft Office PowerPoint 2007 (KB963669) 
KB963665,  Aktualizace pro nápovědu aplikace Microsoft Office Word 2007 (KB963665) 
KB951847,  Aktualizace Microsoft .NET Framework 3.5 Service Pack 1 a .NET Framework 3.5 Family Update (KB951847) x86 
KB951847,  Office Live Add-in 1.4 
KB944036,  Aplikace Internet Explorer 8 pro systém Windows XP 
KB943729,  Rozšíření předvoleb zásad skupiny pro klientskou část pro systém Windows XP (KB943729) 
KB931125,  Aktualizace pro kořenové certifikáty [listopad 2009] (KB931125) 
KB974561,  Aktualizace aplikace Microsoft Office Word 2007 (KB974561) 
KB971513,  Aktualizace systému Windows XP (KB971513) 
KB971513,  Windows Live Essentials 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


*******************************
MBR from C:/
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
********************************
MBR via command line:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Kryšpín
Visitor
Posts: 34
Joined: 16 Dec 2004 09:39

Re: Internet keeps dropping, HijackThis log cannot be sent by e-mail

#10 Post by Kryšpín »

DDS (Ver_10-03-17.01) - NTFSx86
Run by chir-lekar at 17:05:06,59 on st 12.05.2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1584 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetTime\NeTmSvNT.exe
C:\WINDOWS\system32\LFXGDIPO.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\chir-lekar.MNCASLAV\plocha\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://portal
uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
uDefault_Page_URL = hxxp://portal
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mLocal Page = %SystemRoot%\system32\blank.htm
mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
uInternet Connection Wizard,ShellNext = hxxp://windowsupdate.microsoft.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
uURLSearchHooks: Microsoft Url Search Hook: {cfbfae00-17a6-11d0-99cb-00c04fd64497} - c:\windows\system32\ieframe.dll
mWinlogon: Shell=Explorer.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,
mWinlogon: UIHost=logonui.exe
mWinlogon: SFCDisable=0 (0x0)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Tip d&ne: {4d5c8c25-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] ; c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe ARM] ; "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Alcmtr] ; ALCMTR.EXE
mRun: [HotKeysCmds] ; c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] ; c:\windows\system32\igfxtray.exe
mRun: [NetTime] ; c:\program files\nettime\NetTime.exe
mRun: [Persistence] ; c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] ; RTHDCPL.EXE
mRun: [SkyTel] ; SkyTel.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoDriveTypeAutoRun = 323 (0x143)
uPolicies-explorer: NoDriveAutoRun = 67108863 (0x3ffffff)
uPolicies-system: DisableRegistryTools = 0 (0x0)
mPolicies-explorer: HonorAutoRunSetting = 1 (0x1)
mPolicies-explorer: NoDriveAutoRun = 67108863 (0x3ffffff)
mPolicies-explorer: NoDriveTypeAutoRun = 323 (0x143)
mPolicies-system: dontdisplaylastusername = 0 (0x0)
mPolicies-system: legalnoticecaption =
mPolicies-system: legalnoticetext =
mPolicies-system: shutdownwithoutlogon = 1 (0x1)
mPolicies-system: undockwithoutlogon = 1 (0x1)
dPolicies-explorer: NoDriveTypeAutoRun = 323 (0x143)
dPolicies-explorer: NoDriveAutoRun = 67108863 (0x3ffffff)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\mswsock.dll
LSP: %SystemRoot%\system32\rsvpsp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227294162531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - c:\windows\system32\urlmon.dll
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} -
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - c:\progra~1\common~1\micros~1\office12\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - c:\windows\system32\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - c:\windows\system32\msvidctl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\common~1\system\oledb~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\common~1\system\oledb~1\MSDAIPP.DLL
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\common~1\system\oledb~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\common~1\system\oledb~1\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\common~1\system\oledb~1\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\program files\common files\microsoft shared\help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\common~1\system\oledb~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\common~1\system\oledb~1\MSDAIPP.DLL
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - c:\windows\system32\wiascr.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Notify: crypt32chain - crypt32.dll
Notify: cryptnet - cryptnet.dll
Notify: cscdll - cscdll.dll
Notify: dimsntfy - c:\windows\system32\dimsntfy.dll
Notify: igfxcui - igfxdev.dll
Notify: ScCertProp - wlnotify.dll
Notify: Schedule - wlnotify.dll
Notify: sclgntfy - sclgntfy.dll
Notify: SensLogn - WlNotify.dll
Notify: termsrv - wlnotify.dll
Notify: WgaLogon - WgaLogon.dll
Notify: wlballoon - wlnotify.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - c:\windows\system32\stobject.dll
STS: Browseui preloader: {438755c2-a8ba-11d1-b96b-00a0c90312e1} - %SystemRoot%\system32\browseui.dll
STS: Proces mezipaměti kategorií součástí: {8c7461ef-2b13-11d2-be35-3078302c2030} - %SystemRoot%\system32\browseui.dll
SEH: URL Exec Hook: {aeb6717e-7e19-11d0-97ee-00c04fd91972} - shell32.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
LSA: Authentication Packages = msv1_0
LSA: Notification Packages = scecli
SubSystems: Windows = basesrv
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\msnetmtg.inf,NetMtg.Install.PerUser.NT
mASetup: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\msmsgs.inf,BLC.QuietInstall.PerUser
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\wmp.inf,PerUserStub
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - c:\windows\system32\ie4uinit.exe -BaseSettings
mASetup: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - c:\windows\system32\ieudinit.exe
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - c:\windows\inf\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - c:\windows\system32\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
mASetup: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chir-l~1.mnc\dataap~1\mozilla\firefox\profiles\d8j2jph8.default\
FF - component: c:\documents and settings\chir-lekar.mncaslav\data aplikací\mozilla\firefox\profiles\d8j2jph8.default\extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\chir-lekar.mncaslav\data aplikací\mozilla\firefox\profiles\d8j2jph8.default\extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}\components\RadioWMPCore.dll
FF - component: c:\program files\mozilla firefox\components\browserdirprovider.dll
FF - component: c:\program files\mozilla firefox\components\brwsrcmp.dll
FF - component: c:\program files\mozilla firefox\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\components\NPComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\components\PNRComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\windows media player\npdrmv2.dll
FF - plugin: c:\program files\windows media player\npdsplay.dll
FF - plugin: c:\program files\windows media player\npwmsdrm.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome.manifest
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\install.rdf
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\content\ffjcext\ffjcext.js
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\content\ffjcext\ffjcext.xul
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\de-de\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\en-us\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\es-es\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\fr-fr\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\it-it\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\ja-jp\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\ko-kr\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\sv-se\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\zh-cn\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0016-abcdeffedcba}\chrome\locale\zh-tw\ffjcext\ffjcext.dtd

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

---- Add-ons/Extensions Installed ----

Default
Java Console
Java Quick Starter
ScrapBook
Skype extension for Firefox
TheFreeDictionarycom Toolbar

============= SERVICES / DRIVERS ===============

R0 ACPI;Microsoft ACPI Driver;c:\windows\system32\drivers\acpi.sys [2008-4-14 188288]
R0 atapi;Standardní řadič disku IDE/ESDI;c:\windows\system32\drivers\atapi.sys [2008-4-14 96512]
R0 Disk;Ovladač disku;c:\windows\system32\drivers\disk.sys [2008-4-14 36352]
R0 dmio;Ovladač správce logických disků;c:\windows\system32\drivers\dmio.sys [2008-4-14 153856]
R0 dmload;dmload;c:\windows\system32\drivers\dmload.sys [2007-10-29 5888]
R0 FltMgr;FltMgr;c:\windows\system32\drivers\fltMgr.sys [2008-11-21 129792]
R0 Ftdisk;Ovladač správce svazků;c:\windows\system32\drivers\ftdisk.sys [2007-10-29 125184]
R0 isapnp;Řadič Plug and Play sběrnice ISA/EISA;c:\windows\system32\drivers\isapnp.sys [2008-4-14 37248]
R0 KSecDD;KSecDD;c:\windows\system32\drivers\ksecdd.sys [2008-4-14 92928]
R0 MountMgr;MountMgr;c:\windows\system32\drivers\mountmgr.sys [2008-4-14 42368]
R0 Mup;Služba Multiple UNC Provider;c:\windows\system32\drivers\mup.sys [2008-4-14 105344]
R0 NDIS;Systémový ovladač NDIS;c:\windows\system32\drivers\ndis.sys [2008-4-14 182656]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA;c:\windows\system32\drivers\ohci1394.sys [2008-4-14 61696]
R0 PartMgr;PartMgr;c:\windows\system32\drivers\partmgr.sys [2008-4-14 19712]
R0 PCI;Řadič sběrnice PCI;c:\windows\system32\drivers\pci.sys [2008-4-14 68736]
R0 PCIIde;PCIIde;c:\windows\system32\drivers\pciide.sys [2007-10-29 3328]
R0 sr;Ovladač filtru Obnovy systému;c:\windows\system32\drivers\sr.sys [2008-11-21 73344]
R0 VolSnap;VolSnap;c:\windows\system32\drivers\volsnap.sys [2008-4-14 52480]
R1 AFD;AFD;c:\windows\system32\drivers\afd.sys [2008-4-14 138496]
R1 Beep;Beep;c:\windows\system32\drivers\beep.sys [2007-10-29 4224]
R1 Cdrom;Ovladač jednotky CD-ROM;c:\windows\system32\drivers\cdrom.sys [2008-4-14 62976]
R1 easdrv;easdrv;c:\windows\system32\drivers\easdrv.sys [2008-8-18 54184]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-8-18 35168]
R1 Fips;Fips;c:\windows\system32\drivers\fips.sys [2008-4-14 44544]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;c:\windows\system32\drivers\i8042prt.sys [2008-4-14 52096]
R1 intelppm;Řadič procesoru Intel;c:\windows\system32\drivers\intelppm.sys [2008-4-14 40192]
R1 IPSec;Ovladač IPSEC;c:\windows\system32\drivers\ipsec.sys [2008-4-14 75264]
R1 Kbdclass;Ovladač třídy klávesnic;c:\windows\system32\drivers\kbdclass.sys [2008-4-14 24576]
R1 mnmdd;mnmdd;c:\windows\system32\drivers\mnmdd.sys [2007-10-29 4224]
R1 Mouclass;Ovladač třídy myší;c:\windows\system32\drivers\mouclass.sys [2008-4-14 23040]
R1 MRxSmb;MRXSMB;c:\windows\system32\drivers\mrxsmb.sys [2008-4-14 455680]
R1 Msfs;Msfs;c:\windows\system32\drivers\msfs.sys [2008-4-14 19072]
R1 NetBIOS;Rozhraní NetBIOS;c:\windows\system32\drivers\netbios.sys [2008-4-14 34688]
R1 NetBT;Rozhraní NetBios nad protokolem TCP/IP;c:\windows\system32\drivers\netbt.sys [2008-4-14 162816]
R1 Npfs;Npfs;c:\windows\system32\drivers\npfs.sys [2008-4-14 30848]
R1 Null;Null;c:\windows\system32\drivers\null.sys [2007-10-29 2944]
R1 RasAcd;Ovladač automatického připojení pomocí vzdáleného přístupu;c:\windows\system32\drivers\rasacd.sys [2007-10-29 8832]
R1 Rdbss;Rdbss;c:\windows\system32\drivers\rdbss.sys [2008-4-14 175744]
R1 RDPCDD;RDPCDD;c:\windows\system32\drivers\rdpcdd.sys [2007-10-29 4224]
R1 redbook;Digital CD Audio Playback Filter Driver;c:\windows\system32\drivers\redbook.sys [2008-11-21 58496]
R1 Serial;Ovladač sériového portu;c:\windows\system32\drivers\serial.sys [2008-4-14 64256]
R1 Tcpip;Ovladač protokolu TCP/IP;c:\windows\system32\drivers\tcpip.sys [2008-4-14 361600]
R1 TermDD;Ovladač terminálového zařízení;c:\windows\system32\drivers\termdd.sys [2008-11-21 40840]
R1 VgaSave;VgaSave;c:\windows\system32\drivers\vga.sys [2008-4-14 20992]
R2 AudioSrv;Zvuk systému Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 CryptSvc;CryptSvc;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 DcomLaunch;Spouštěč procesů serveru DCOM;c:\windows\system32\svchost -k dcomlaunch --> c:\windows\system32\svchost -k DcomLaunch [?]
R2 Dhcp;Klient DHCP;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 dmserver;Správce logických disků;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Dnscache;Klient DNS;c:\windows\system32\svchost.exe -k NetworkService [2008-4-14 14336]
R2 eamon;EAMON;c:\windows\system32\drivers\eamon.sys [2008-8-18 40824]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-8-18 472280]
R2 ERSvc;Zasílání zpráv o chybách;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Eventlog;Protokol událostí;c:\windows\system32\services.exe [2008-4-14 111104]
R2 helpsvc;Nápověda a odborná pomoc;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\java\jre6\bin\jqs.exe [2009-12-7 153376]
R2 LanmanServer;Server;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 lanmanworkstation;Pracovní stanice;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 LmHosts;Podpora rozhraní NetBIOS nad protokolem TCP/IP;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
R2 Netlogon;Přihlašování k síti;c:\windows\system32\lsass.exe [2008-4-14 13312]
R2 NetTimeSvc;NetTime;c:\program files\nettime\NeTmSvNT.exe [2003-1-31 452096]
R2 PlugPlay;Plug and Play;c:\windows\system32\services.exe [2008-4-14 111104]
R2 PolicyAgent;Služby IPSEC;c:\windows\system32\lsass.exe [2008-4-14 13312]
R2 ProtectedStorage;Chráněné úložiště;c:\windows\system32\lsass.exe [2008-4-14 13312]
R2 RemoteRegistry;Vzdálený registr;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
R2 RpcSs;Vzdálené volání procedur (RPC);c:\windows\system32\svchost -k rpcss --> c:\windows\system32\svchost -k rpcss [?]
R2 SamSs;Správce zabezpečení účtů;c:\windows\system32\lsass.exe [2008-4-14 13312]
R2 seclogon;Secondary Logon;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 SENS;Oznamování systémových událostí;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 SharedAccess;Brána Firewall / Sdílení připojení k Internetu (ICS);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 ShellHWDetection;Rozpoznávání hardwaru;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Schedule;Plánovač úloh;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Spooler;Zařazování tisku;c:\windows\system32\spoolsv.exe [2008-4-14 57856]
R2 srservice;Služba obnovení systému;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Themes;Motivy;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 TrkWks;Klient služby sledování distribuovaných propojení;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 W32Time;Systémový čas;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 WebClient;Webový klient;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
R2 winmgmt;Služba WMI;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 wuauserv;Automatické aktualizace;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 WZCSVC;Automatická konfigurace bezdrátových zařízení;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 ALG;Služba brány aplikačního rozhraní;c:\windows\system32\alg.exe [2008-4-14 44544]
R3 audstub;Prázdný zvukový ovladač;c:\windows\system32\drivers\audstub.sys [2008-11-21 3072]
R3 EventSystem;Systém událostí modelu COM+;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 Gpc;Obecné třídění paketů;c:\windows\system32\drivers\msgpc.sys [2008-4-14 35072]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio;c:\windows\system32\drivers\hdaudbus.sys [2008-4-13 144384]
R3 HTTP;HTTP;c:\windows\system32\drivers\http.sys [2008-4-14 265728]
R3 ialm;ialm;c:\windows\system32\drivers\igxpmp32.sys [2009-10-1 5760096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);c:\windows\system32\drivers\RtkHDAud.sys [2009-10-1 4405248]
R3 IpNat;IP Network Address Translator;c:\windows\system32\drivers\ipnat.sys [2008-4-14 152832]
R3 MRxDAV;Přesměrovač klienta WebDav;c:\windows\system32\drivers\mrxdav.sys [2008-4-14 180608]
R3 mssmbios;Ovladač Microsoft System Management BIOS;c:\windows\system32\drivers\mssmbios.sys [2008-4-14 15488]
R3 NdisTapi;Ovladač Remote Access NDIS TAPI;c:\windows\system32\drivers\ndistapi.sys [2008-4-14 10112]
R3 Ndisuio;Protokol NDIS uživatelského režimu V/V;c:\windows\system32\drivers\ndisuio.sys [2008-4-14 14592]
R3 NdisWan;Ovladač Remote Access NDIS WAN;c:\windows\system32\drivers\ndiswan.sys [2008-4-14 91520]
R3 NDProxy;Služba NDIS Proxy;c:\windows\system32\drivers\ndproxy.sys [2008-4-14 40576]
R3 Netman;Síťová připojení;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 Nla;Sledování umístění v síti (NLA);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 PptpMiniport;WAN Miniport (PPTP);c:\windows\system32\drivers\raspptp.sys [2008-4-14 48384]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
R3 Ptilink;Direct Parallel Link Driver;c:\windows\system32\drivers\ptilink.sys [2007-10-29 17792]
R3 Rasl2tp;WAN Miniport (L2TP);c:\windows\system32\drivers\rasl2tp.sys [2008-4-14 51328]
R3 RasMan;Správce vzdáleného přístupu;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 RasPppoe;Remote Access PPPOE Driver;c:\windows\system32\drivers\raspppoe.sys [2008-4-14 41472]
R3 Raspti;Přímé propojení paralelním kabelem;c:\windows\system32\drivers\raspti.sys [2007-10-29 16512]
R3 rdpdr;Ovladač přesměrovače zařízení terminálového serveru;c:\windows\system32\drivers\rdpdr.sys [2008-11-21 196224]
R3 RDPWD;RDPWD;c:\windows\system32\drivers\rdpwd.sys [2008-11-21 139656]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;c:\windows\system32\drivers\Rtenicxp.sys [2009-10-1 115328]
R3 serenum;Ovladač filtru Serenum;c:\windows\system32\drivers\serenum.sys [2008-4-14 15744]
R3 Srv;Srv;c:\windows\system32\drivers\srv.sys [2008-4-14 353792]
R3 SSDPSRV;Služba rozpoznávání pomocí protokolu SSDP;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
R3 swenum;Softwarový ovladač sběrnice;c:\windows\system32\drivers\swenum.sys [2008-4-14 4352]
R3 sysaudio;Microsoft Kernel System Audio Device;c:\windows\system32\drivers\sysaudio.sys [2009-10-1 60800]
R3 TapiSrv;Telefonní subsystém;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 TDTCP;TDTCP;c:\windows\system32\drivers\tdtcp.sys [2008-11-21 21896]
R3 TermService;Terminálová služba;c:\windows\system32\svchost -k dcomlaunch --> c:\windows\system32\svchost -k DComLaunch [?]
R3 Update;Ovladač aktualizace mikrokódu;c:\windows\system32\drivers\update.sys [2008-4-14 384768]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;c:\windows\system32\drivers\usbccgp.sys [2008-4-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0;c:\windows\system32\drivers\usbehci.sys [2008-4-14 30208]
R3 usbhub;Rozbočovač umožnující USB2;c:\windows\system32\drivers\usbhub.sys [2008-4-14 59520]
R3 usbprint;Třída USB Printer;c:\windows\system32\drivers\usbprint.sys [2009-11-3 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft;c:\windows\system32\drivers\usbuhci.sys [2009-10-1 20608]
R3 Wanarp;Ovladač Remote Access IP ARP;c:\windows\system32\drivers\wanarp.sys [2008-4-14 34560]
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;c:\windows\system32\drivers\wdmaud.sys [2009-10-1 83072]
R4 Cdfs;Cdfs;c:\windows\system32\drivers\cdfs.sys [2008-4-14 63744]
R4 Ntfs;Ntfs;c:\windows\system32\drivers\ntfs.sys [2008-4-14 574976]
S1 Cdaudio;Cdaudio;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]
S1 Fdc;Fdc;c:\windows\system32\drivers\fdc.sys [2008-4-14 27392]
S1 Flpydisk;Flpydisk;c:\windows\system32\drivers\flpydisk.sys [2008-4-14 20480]
S1 Changer;Changer; [x]
S1 i2omgmt;i2omgmt; [x]
S1 Imapi;CD-Burning Filter Driver;c:\windows\system32\drivers\imapi.sys [2008-4-14 42112]
S1 kbdhid;Ovladač klávesnice standardu HID;c:\windows\system32\drivers\kbdhid.sys [2008-4-14 14592]
S1 lbrtfdc;lbrtfdc; [x]
S1 PCIDump;PCIDump; [x]
S1 Processor;Ovladač procesoru;c:\windows\system32\drivers\processr.sys [2008-4-14 39680]
S1 Sfloppy;Sfloppy;c:\windows\system32\drivers\sfloppy.sys [2008-4-14 11392]
S2 Browser;Prohledávání počítačů;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 wscsvc;Centrum zabezpečení;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 aec;Microsoft Kernel Acoustic Echo Canceller;c:\windows\system32\drivers\aec.sys [2009-10-1 142592]
S3 AppMgmt;Správa aplikací;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Arp1394;Protokol 1394 ARP Client;c:\windows\system32\drivers\arp1394.sys [2008-4-14 60800]
S3 AsyncMac;Ovladač asynchronních médií připojení RAS;c:\windows\system32\drivers\asyncmac.sys [2008-4-14 14336]
S3 Atmarpc;Protokol ATM ARP Client;c:\windows\system32\drivers\atmarpc.sys [2008-4-14 59904]
S3 BITS;Služba inteligentního přenosu na pozadí;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 catchme;catchme;\??\c:\docume~1\chir-l~1.mnc\locals~1\temp\catchme.sys --> c:\docume~1\chir-l~1.mnc\locals~1\temp\catchme.sys [?]
S3 CiSvc;Indexing Service;c:\windows\system32\cisvc.exe [2008-4-14 5632]
S3 ClipSrv;Síťová schránka;c:\windows\system32\clipsrv.exe [2008-4-14 33280]
S3 COMSysApp;Systémové aplikace modelu COM+;c:\windows\system32\dllhost.exe [2008-4-14 5120]
S3 dmadmin;Služba správy pro Správce logických disků;c:\windows\system32\dmadmin.exe [2008-4-14 225280]
S3 DMusic;Syntezátor Microsoft Kernel DLS;c:\windows\system32\drivers\DMusic.sys [2009-10-1 52864]
S3 Dot3svc;Automatická konfigurace pevné sítě;c:\windows\system32\svchost.exe -k dot3svc [2008-4-14 14336]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler;c:\windows\system32\drivers\drmkaud.sys [2009-10-1 2944]
S3 EapHost;Služba EAP (Extensible Authentication Protocol);c:\windows\system32\svchost.exe -k eapsvcs [2008-4-14 14336]
S3 EhttpSrv;Eset HTTP Server;c:\program files\eset\eset nod32 antivirus\EHttpSrv.exe [2009-10-7 20680]
S3 FastUserSwitchingCompatibility;Kompatibilita pro rychlé přepínání uživatelů;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 hidusb;Ovladač třídy standardu HID;c:\windows\system32\drivers\hidusb.sys [2008-4-14 10368]
S3 hkmsvc;Služba Správa klíčů a certifikátů stavu;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 HTTPFilter;HTTP SSL;c:\windows\system32\svchost.exe -k HTTPFilter [2008-4-14 14336]
S3 ImapiService;Služba modelu COM pro zápis na disk CD (IMAPI);c:\windows\system32\imapi.exe [2008-4-14 150528]
S3 Ip6Fw;Ovladač IPv6 brány firewall systému Windows;c:\windows\system32\drivers\ip6fw.sys [2008-4-14 36608]
S3 IpFilterDriver;IP Traffic Filter Driver;c:\windows\system32\drivers\ipfltdrv.sys [2007-10-29 32896]
S3 IpInIp;IP in IP Tunnel Driver;c:\windows\system32\drivers\ipinip.sys [2008-4-14 20864]
S3 IRENUM;Služba čítače výčtu IR;c:\windows\system32\drivers\irenum.sys [2008-11-21 11264]
S3 kmixer;Směšovač Microsoft Kernel Wave Audio Mixer;c:\windows\system32\drivers\kmixer.sys [2009-10-1 172416]
S3 mnmsrvc;NetMeeting - Vzdálené sdílení plochy;c:\windows\system32\mnmsrvc.exe [2008-11-21 32768]
S3 Modem;Modem;c:\windows\system32\drivers\modem.sys [2008-4-14 30080]
S3 motmodem;Motorola USB CDC ACM Driver;c:\windows\system32\drivers\motmodem.sys [2009-11-9 23680]
S3 mouhid;Ovladač myši standardu HID;c:\windows\system32\drivers\mouhid.sys [2001-10-24 12160]
S3 MSDTC;Koordinátor DTC;c:\windows\system32\msdtc.exe [2008-11-21 6144]
S3 MSIServer;Windows Installer;c:\windows\system32\msiexec.exe [2008-4-14 78848]
S3 MSKSSRV;Microsoft Streaming Service Proxy;c:\windows\system32\drivers\MSKSSRV.sys [2009-10-1 7552]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;c:\windows\system32\drivers\MSPCLOCK.sys [2009-10-1 5376]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;c:\windows\system32\drivers\MSPQM.sys [2009-10-1 4992]
S3 napagent;Agent architektury NAP (Network Access Protection);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 NIC1394;1394 Net Driver;c:\windows\system32\drivers\nic1394.sys [2008-4-14 61824]
S3 NtLmSsp;Zprostředkovatel zabezpečení NT LM;c:\windows\system32\lsass.exe [2008-4-14 13312]
S3 NtmsSvc;Vyměnitelné úložiště;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 NwlnkFlt;IPX Traffic Filter Driver;c:\windows\system32\drivers\nwlnkflt.sys [2007-10-29 12416]
S3 NwlnkFwd;IPX Traffic Forwarder Driver;c:\windows\system32\drivers\nwlnkfwd.sys [2007-10-29 32512]
S3 odserv;Microsoft Office Diagnostics Service;c:\program files\common files\microsoft shared\office12\ODSERV.EXE [2008-11-4 441712]
S3 ose;Office Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2006-10-26 145184]
S3 Parport;Ovladač paralelního portu;c:\windows\system32\drivers\parport.sys [2008-4-14 80000]
S3 PDCOMP;PDCOMP; [x]
S3 PDFRAME;PDFRAME; [x]
S3 PDRELI;PDRELI; [x]
S3 PDRFRAME;PDRFRAME; [x]
S3 RasAuto;Správce automatického připojení pomocí vzdáleného přístupu;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 RDSessMgr;Správce relací nápovědy ke vzdálené ploše;c:\windows\system32\sessmgr.exe [2008-11-21 141824]
S3 RpcLocator;Lokátor vzdáleného volání procedur (RPC);c:\windows\system32\locator.exe [2008-4-14 75264]
S3 RSVP;QoS RSVP;c:\windows\system32\rsvp.exe [2007-10-29 132608]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\RTL8139.sys [2008-11-21 20992]
S3 SCardSvr;Smart Card;c:\windows\system32\scardsvr.exe [2008-4-14 97792]
S3 Secdrv;Secdrv;c:\windows\system32\drivers\secdrv.sys [2008-4-13 20480]
S3 splitter;Microsoft Kernel Audio Splitter;c:\windows\system32\drivers\splitter.sys [2009-10-1 6272]
S3 stisvc;Načítání obrázků (WIA);c:\windows\system32\svchost.exe -k imgsvc [2008-4-14 14336]
S3 swmidi;Microsoft Kernel GS Wavetable Synthesizer;c:\windows\system32\drivers\swmidi.sys [2009-10-1 56576]
S3 SwPrv;MS Software Shadow Copy Provider;c:\windows\system32\dllhost.exe [2008-4-14 5120]
S3 SysmonLog;Výstrahy a protokolování výkonu;c:\windows\system32\smlogsvc.exe [2008-4-14 90112]
S3 TDPIPE;TDPIPE;c:\windows\system32\drivers\tdpipe.sys [2008-11-21 12040]
S3 TlntSvr;Telnet;c:\windows\system32\tlntsvr.exe [2008-4-14 73728]
S3 upnphost;Hostitel zařízení UPnP;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
S3 UPS;Nepřerušitelný zdroj napájení (UPS);c:\windows\system32\ups.exe [2008-4-14 18432]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;c:\windows\system32\drivers\usbohci.sys [2008-4-14 17152]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;c:\windows\system32\drivers\USBSTOR.SYS [2008-11-21 26368]
S3 VSS;Stínová kopie svazku;c:\windows\system32\vssvc.exe [2008-4-14 290816]
S3 Wdf01000;Wdf01000;c:\windows\system32\drivers\wdf01000.sys [2006-11-2 492000]
S3 WDICA;WDICA; [x]
S3 WmdmPmSN;Služba sériového čísla přenosného zařízení;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Wmi;Rozšíření ovladače WMI;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 WmiApSrv;Adaptér výkonu služby WMI;c:\windows\system32\wbem\wmiapsrv.exe [2008-11-21 126464]
S3 xmlprov;Služba pro síťová ustanovení;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 Abiosdsk;Abiosdsk; [x]
S4 abp480n5;abp480n5; [x]
S4 ACPIEC;ACPIEC;c:\windows\system32\drivers\acpiec.sys [2007-10-29 11776]
S4 adpu160m;adpu160m; [x]
S4 Aha154x;Aha154x; [x]
S4 aic78u2;aic78u2; [x]
S4 aic78xx;aic78xx; [x]
S4 Alerter;Výstrahy;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
S4 AliIde;AliIde; [x]
S4 amsint;amsint; [x]
S4 asc;asc; [x]
S4 asc3350p;asc3350p; [x]
S4 asc3550;asc3550; [x]
S4 Atdisk;Atdisk; [x]
S4 cbidf2k;cbidf2k;c:\windows\system32\drivers\cbidf2k.sys [2007-10-29 13952]
S4 cd20xrnt;cd20xrnt; [x]
S4 CmdIde;CmdIde; [x]
S4 Cpqarray;Cpqarray; [x]
S4 dac960nt;dac960nt; [x]
S4 dmboot;dmboot;c:\windows\system32\drivers\dmboot.sys [2008-4-14 800000]
S4 dpti2o;dpti2o; [x]
S4 Fastfat;Fastfat;c:\windows\system32\drivers\fastfat.sys [2008-4-14 143744]
S4 HidServ;Přístup k zařízením standardu HID;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 hpn;hpn; [x]
S4 i2omp;i2omp; [x]
S4 ini910u;ini910u; [x]
S4 IntelIde;IntelIde; [x]
S4 Messenger;Kurýrní služba;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 mraid35x;mraid35x; [x]
S4 NetDDE;Služba DDE v síti;c:\windows\system32\netdde.exe [2008-4-14 111616]
S4 NetDDEdsdm;Správce DSDM služby DDE v síti;c:\windows\system32\netdde.exe [2008-4-14 111616]
S4 ParVdm;ParVdm;c:\windows\system32\drivers\parvdm.sys [2007-10-29 6784]
S4 Pcmcia;Pcmcia;c:\windows\system32\drivers\pcmcia.sys [2008-4-14 120064]
S4 perc2;perc2; [x]
S4 perc2hib;perc2hib; [x]
S4 ql1080;ql1080; [x]
S4 Ql10wnt;Ql10wnt; [x]
S4 ql12160;ql12160; [x]
S4 ql1240;ql1240; [x]
S4 ql1280;ql1280; [x]
S4 RemoteAccess;Směrování a vzdálený přístup;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 Simbad;Simbad; [x]
S4 Sparrow;Sparrow; [x]
S4 sym_hi;sym_hi; [x]
S4 sym_u3;sym_u3; [x]
S4 symc810;symc810; [x]
S4 symc8xx;symc8xx; [x]
S4 TosIde;TosIde; [x]
S4 Udfs;Udfs;c:\windows\system32\drivers\udfs.sys [2008-4-14 66048]
S4 ultra;ultra; [x]
S4 ViaIde;ViaIde; [x]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS;c:\windows\system32\drivers\ws2ifsl.sys [2007-10-29 12032]

============== File Associations ===============

batfile="%1" %*
chm.file="c:\windows\hh.exe" %1
cmdfile="%1" %*
comfile="%1" %*
exefile="%1" %*
inffile=%SystemRoot%\System32\NOTEPAD.EXE %1
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1
JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
piffile="%1" %*
regedit=regedit.exe %1
regfile=regedit.exe "%1"
scrfile="%1" /S
txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-05-12 14:52:37 77312 ----a-w- C:\mbr.exe
2010-05-12 13:40:18 0 dc-h--w- c:\windows\$NtUninstallKB978542$
2010-05-10 20:54:43 0 d-s---w- C:\abraka
2010-05-10 16:03:33 9638 ----a-w- C:\Qoobox.zip
2010-05-09 19:22:23 211 ----a-w- C:\Boot.bak
2010-05-09 19:22:20 261312 ----a-w- C:\cmldr
2010-05-09 19:22:17 0 d-sha-r- C:\cmdcons
2010-05-09 19:19:11 77312 ----a-w- c:\windows\MBR.exe
2010-05-09 19:19:11 31232 ----a-w- c:\windows\NIRCMD.exe
2010-05-09 19:19:09 256512 ----a-w- c:\windows\PEV.exe
2010-05-09 19:19:09 161792 ----a-w- c:\windows\SWREG.exe
2010-05-09 19:19:08 98816 ----a-w- c:\windows\sed.exe
2010-05-09 19:19:08 80412 ----a-w- c:\windows\grep.exe
2010-05-09 19:19:08 68096 ----a-w- c:\windows\zip.exe
2010-05-09 19:19:07 212480 ----a-w- c:\windows\SWXCACLS.exe
2010-05-09 19:19:07 136704 ----a-w- c:\windows\SWSC.exe
2010-05-09 19:18:53 0 d-----w- c:\windows\ERDNT
2010-05-09 19:17:39 0 d-----w- C:\Qoobox
2010-05-07 20:07:29 0 d-----w- C:\rsit
2010-05-05 18:55:25 0 d-----w- c:\docume~1\alluse~1\dataap~1\Spybot - Search & Destroy
2010-05-05 18:54:57 0 d-----w- c:\windows\pss
2010-05-05 18:54:05 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-05-05 18:52:46 0 d---a-w- c:\docume~1\alluse~1\dataap~1\TEMP
2010-05-05 16:37:11 0 d-----w- c:\program files\Crawler
2010-04-28 11:21:07 0 d-----w- c:\documents and settings\all users\Studio14Trial
2010-04-28 10:36:10 2013892704 ----a-w- C:\PinnacleStudio14Trial.exe
2010-04-21 05:11:27 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-20 06:46:03 0 d-----w- c:\program files\Zeallsoft
2010-04-16 17:59:40 0 d-----w- c:\program files\common files\Adobe
2010-04-16 17:59:40 0 d-----w- c:\program files\Adobe
2010-04-15 13:28:06 0 dc-h--w- c:\windows\$NtUninstallKB979683$
2010-04-15 13:27:57 0 dc-h--w- c:\windows\$NtUninstallKB980232$
2010-04-15 13:27:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-15 13:27:52 0 dc-h--w- c:\windows\$NtUninstallKB979402_WM9$
2010-04-15 13:27:13 0 dc-h--w- c:\windows\$NtUninstallKB981349$
2010-04-15 13:27:06 0 dc-h--w- c:\windows\$NtUninstallKB978338$
2010-04-15 13:26:59 0 dc-h--w- c:\windows\$NtUninstallKB977816$
2010-04-13 21:48:09 0 dc-h--w- c:\windows\$NtUninstallKB978601$
2010-04-13 21:48:03 0 dc-h--w- c:\windows\$NtUninstallKB979309$

==================== Find3M ====================

2010-05-12 15:05:03 49152 ---ha-w- c:\documents and settings\chir-lekar.mncaslav\ntuser.dat.LOG
2010-05-12 15:03:07 1570834 ----a-w- c:\windows\WindowsUpdate.log
2010-05-12 14:53:16 2048 --s-a-w- c:\windows\bootstat.dat
2010-05-12 14:53:13 2145386496 --sha-w- C:\pagefile.sys
2010-05-12 13:41:16 32578 ----a-w- c:\windows\SchedLgU.Txt
2010-05-12 13:41:15 3932160 ---ha-w- c:\documents and settings\chir-lekar.mncaslav\NTUSER.DAT
2010-05-12 13:40:24 738297 ----a-w- c:\windows\iis6.log
2010-05-12 13:40:24 642816 ----a-w- c:\windows\FaxSetup.log
2010-05-12 13:40:24 45142 ----a-w- c:\windows\MedCtrOC.log
2010-05-12 13:40:24 40340 ----a-w- c:\windows\ocmsn.log
2010-05-12 13:40:24 33016 ----a-w- c:\windows\tabletoc.log
2010-05-12 13:40:24 32559 ----a-w- c:\windows\msgsocm.log
2010-05-12 13:40:24 319144 ----a-w- c:\windows\ocgen.log
2010-05-12 13:40:24 303508 ----a-w- c:\windows\tsoc.log
2010-05-12 13:40:24 225791 ----a-w- c:\windows\comsetup.log
2010-05-12 13:40:24 135513 ----a-w- c:\windows\ntdtcsetup.log
2010-05-12 13:40:24 113765 ----a-w- c:\windows\netfxocm.log
2010-05-12 13:40:23 209734 ----a-w- c:\windows\msmqinst.log
2010-05-12 13:39:38 178 --sh--w- c:\documents and settings\chir-lekar.mncaslav\ntuser.ini
2010-05-10 04:57:17 281 --sha-r- C:\boot.ini
2010-05-01 13:46:56 751563 ----a-w- c:\windows\setupapi.log
2010-04-30 18:51:06 32058312 ----a-w- c:\windows\system32\MRT.exe
2010-04-26 05:35:25 88544 ----a-w- c:\windows\inf\oem15.PNF
2010-04-26 05:35:25 68754 ----a-w- c:\windows\inf\oem17.PNF
2010-04-26 05:35:25 12606 ----a-w- c:\windows\inf\oem19.PNF
2010-04-26 05:35:24 88012 ----a-w- c:\windows\inf\oem8.PNF
2010-04-26 05:35:24 11992 ----a-w- c:\windows\inf\oem16.PNF
2010-04-26 05:35:24 11184 ----a-w- c:\windows\inf\oem18.PNF
2010-04-26 05:32:27 4676 ----a-w- c:\windows\inf\branches.PNF
2010-04-26 05:32:27 1553392 ----a-w- c:\windows\inf\INFCACHE.1
2010-04-15 15:55:04 10677 ----a-w- c:\windows\spupdsvc.log
2010-04-15 13:27:56 9512 ----a-w- c:\windows\wmsetup.log
2010-04-13 21:48:12 65235 ----a-w- c:\windows\updspapi.log
2010-04-01 07:43:18 723102 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-04-01 07:43:18 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-04-01 07:43:18 40836 ----a-w- c:\windows\system32\perfc009.dat
2010-04-01 07:43:18 314508 ----a-w- c:\windows\system32\perfh009.dat
2010-04-01 07:43:18 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-03-31 13:20:24 98835 ----a-w- c:\windows\KB980182-IE7.log
2010-03-24 07:35:42 9808 ----a-w- c:\windows\EventSystem.log
2010-03-19 16:05:50 4874240 ----a-w- c:\windows\system32\wmp.dll
2010-03-10 14:03:44 6462 ----a-w- c:\windows\KB975561.log
2010-03-10 13:17:46 389120 ----a-w- c:\windows\system32\html.iec
2010-03-10 13:17:16 70656 ----a-w- c:\windows\system32\ie4uinit.exe
2010-03-10 13:17:16 13824 ----a-w- c:\windows\system32\ieudinit.exe
2010-03-09 11:11:23 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 23:25:47 3786 ----a-w- c:\windows\KB979306.log
2010-02-24 23:25:47 217930 ----a-w- c:\windows\system32\TZLog.log
2010-02-23 05:18:28 161792 ----a-w- c:\windows\system32\ieakui.dll
2010-02-20 17:46:27 62380 ----a-w- c:\windows\inf\font.PNF
2010-02-16 19:08:57 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08:57 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35:01 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-11-04 13:19:50 13826 ----a-w- c:\windows\inf\oem12.PNF
2009-11-04 13:19:47 44964 ----a-w- c:\windows\inf\printupg.PNF
2009-11-04 13:19:45 1317460 ----a-w- c:\windows\inf\ntprint.PNF
2009-11-03 09:02:04 61308 ----a-w- c:\windows\inf\msnetmtg.PNF
2009-11-03 09:00:48 5492 ----a-w- c:\windows\inf\usbprint.PNF
2009-10-02 06:57:03 465292 ----a-w- c:\windows\inf\intl.PNF
2009-10-01 15:14:45 24696 ----a-w- c:\windows\inf\ksfilter.PNF
2009-10-01 15:14:44 240260 ----a-w- c:\windows\inf\oem9.PNF
2009-10-01 15:14:41 93340 ----a-w- c:\windows\inf\ks.PNF
2009-10-01 15:14:41 45016 ----a-w- c:\windows\inf\wdmaudio.PNF
2009-10-01 15:14:22 108468 ----a-w- c:\windows\inf\monitor.PNF
2009-10-01 15:14:15 10654 ----a-w- c:\windows\inf\oem7.PNF
2009-10-01 15:13:53 9248 ----a-w- c:\windows\inf\oem6.PNF
2009-10-01 15:13:51 6768 ----a-w- c:\windows\inf\oem5.PNF
2009-10-01 15:13:46 10346 ----a-w- c:\windows\inf\oem4.PNF
2009-10-01 15:13:44 5672 ----a-w- c:\windows\inf\oem3.PNF
2009-10-01 15:13:38 221928 ----a-w- c:\windows\inf\oem2.PNF
2009-08-06 18:22:18 57552 ----a-w- c:\windows\inf\wuau.adm
2008-11-24 21:31:01 3788 ----a-w- c:\windows\inf\minioc.PNF
2008-11-21 19:48:24 38104 ----a-w- c:\windows\inf\usbstor.PNF
2008-11-21 18:56:04 11098 ----a-w- c:\windows\inf\oem1.PNF
2008-11-21 18:55:57 4440 ----a-w- c:\windows\inf\ieaccess.PNF
2008-11-21 18:55:43 1612 ----a-w- c:\windows\inf\ieaccess.inf
2008-11-21 18:45:34 139136 ----a-w- c:\windows\inf\sapi5.PNF
2008-11-21 18:41:33 7548 ----a-w- c:\windows\inf\msnmsn.PNF
2008-11-21 17:57:09 222468 ----a-w- c:\windows\inf\drvindex.PNF
2008-11-21 17:57:09 17704 ----a-w- c:\windows\inf\fp40ext.PNF
2008-11-21 17:57:09 101948 ----a-w- c:\windows\inf\syssetup.PNF
2008-11-21 17:57:06 21368 ----a-w- c:\windows\inf\wab50.PNF
2008-11-21 17:57:05 57572 ----a-w- c:\windows\inf\wmp.PNF
2008-11-21 17:57:04 87736 ----a-w- c:\windows\inf\msmsgs.PNF
2008-11-21 17:57:04 36124 ----a-w- c:\windows\inf\msoe50.PNF
2008-11-21 17:57:02 16784 ----a-w- c:\windows\inf\wordpad.PNF
2008-11-21 17:57:02 1056884 ----a-w- c:\windows\inf\LAYOUT.PNF
2008-10-20 03:35:42 559370 ----a-w- c:\windows\inf\oem2.inf
2008-04-14 09:49:42 411768 ----a-w- c:\windows\inf\layout.inf
2008-04-14 08:16:02 51902 ----a-w- c:\windows\inf\accessor.inf
2008-04-14 08:16:02 239806 ----a-w- c:\windows\inf\tsoc.inf
2008-04-14 08:16:02 16216 ----a-w- c:\windows\inf\wordpad.inf
2008-04-14 08:16:02 11802 ----a-w- c:\windows\inf\multimed.inf
2008-04-14 08:16:00 858162 ----a-w- c:\windows\inf\iis.inf
2008-04-14 08:16:00 102002 ----a-w- c:\windows\inf\fxsocm.inf
2008-04-13 21:15:00 1498978 ----a-w- c:\windows\inf\ntprint.inf
2008-04-13 21:14:26 925108 ----a-w- c:\windows\inf\intl.inf
2008-04-13 21:13:44 67899 ----a-w- c:\windows\inf\drvindex.inf
2008-04-13 21:13:26 48046 ----a-w- c:\windows\inf\biosinfo.inf
2008-03-28 20:33:26 16034 ----a-w- c:\windows\inf\fp40ext.inf
2007-11-02 14:53:32 8015 ----a-w- c:\windows\inf\oem19.inf
2007-11-02 14:49:52 7095 ----a-w- c:\windows\inf\oem16.inf
2007-11-02 14:48:08 5921 ----a-w- c:\windows\inf\oem18.inf
2007-11-02 14:48:04 51833 ----a-w- c:\windows\inf\oem17.inf
2007-11-02 14:38:58 103869 ----a-w- c:\windows\inf\oem15.inf
2007-10-15 19:27:40 1803734 ----a-w- c:\windows\inf\system.adm
2007-10-04 08:12:30 39158 ----a-w- c:\windows\inf\iem\0405\inetset.iem
2007-10-04 08:12:28 2417894 ----a-w- c:\windows\inf\inetres.adm
2007-10-04 08:12:22 14026 ----a-w- c:\windows\inf\iem\0405\inetcorp.iem
2007-08-09 17:32:43 6151 ----a-w- c:\windows\inf\oem6.inf
2007-08-09 17:32:42 5873 ----a-w- c:\windows\inf\oem4.inf
2007-08-09 17:32:42 3970 ----a-w- c:\windows\inf\oem5.inf
2007-08-09 17:32:39 5876 ----a-w- c:\windows\inf\oem7.inf
2007-08-09 17:32:37 3722 ----a-w- c:\windows\inf\oem3.inf
2007-07-09 23:51:58 16944 ----a-w- c:\windows\inf\oem12.inf
2007-04-16 06:16:58 67595 ----a-w- c:\windows\inf\oem8.inf
2007-03-14 16:13:20 69570 ----a-w- c:\windows\inf\wmplayer.adm
2007-03-14 16:06:30 19177 ----a-w- c:\windows\inf\inetset.adm
2007-03-14 16:04:02 41300 ----a-w- c:\windows\inf\conf.adm
2007-01-08 11:17:20 36782 ----a-w- c:\windows\inf\AER_1029.ADM
2006-12-21 08:30:00 160283 ----a-w- c:\windows\inf\oem9.inf
2006-08-24 07:35:04 5484 ----a-w- c:\windows\inf\oem1.inf
2007-10-29 12:00:00 48680 --sha-w- c:\windows\winnt.bmp
2007-10-29 12:00:00 48680 --sha-w- c:\windows\winnt256.bmp
2008-11-21 17:53:34 67 --sha-w- c:\windows\fonts\desktop.ini
2008-04-14 08:05:50 2880966 --sha-r- c:\windows\pchealth\helpctr\packagestore\instance_Professional_32_1029.cab
2008-11-21 17:53:12 783 --sha-r- c:\windows\pchealth\helpctr\packagestore\package_1.cab
2008-11-21 17:53:12 20362 --sha-r- c:\windows\pchealth\helpctr\packagestore\package_2.cab
2008-11-21 17:53:12 246755 --sha-r- c:\windows\pchealth\helpctr\packagestore\package_3.cab
2007-10-29 12:00:00 7068 --sha-r- c:\windows\pchealth\helpctr\packagestore\package_4.cab
2007-03-14 16:05:32 354884 --sha-r- c:\windows\pchealth\helpctr\packagestore\package_5.cab
2008-11-21 18:45:13 62 --sha-w- c:\windows\system32\config\systemprofile\data aplikací\desktop.ini
2008-11-21 17:57:04 2568 --sha-w- c:\windows\system32\config\systemprofile\data aplikací\microsoft\internet explorer\Desktop.htt
2008-11-21 17:57:10 125 --sha-w- c:\windows\system32\config\systemprofile\data aplikací\microsoft\internet explorer\quick launch\desktop.ini
2008-11-21 18:59:17 81 --sha-w- c:\windows\system32\config\systemprofile\dokumenty\desktop.ini
2008-11-21 18:59:17 186 --sha-w- c:\windows\system32\config\systemprofile\dokumenty\hudba\Desktop.ini
2008-11-21 18:59:17 279 --sha-w- c:\windows\system32\config\systemprofile\dokumenty\obrázky\Desktop.ini
2009-10-01 10:07:18 62 --sha-w- c:\windows\system32\config\systemprofile\local settings\desktop.ini
2008-11-21 18:59:20 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\data aplikací\microsoft\feeds cache\desktop.ini
2008-11-21 19:02:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\data aplikací\microsoft\feeds cache\index.dat
2008-11-21 18:59:20 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\data aplikací\microsoft\feeds cache\beall32t\desktop.ini
2008-11-21 18:59:20 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\data aplikací\microsoft\feeds cache\ca36ymgx\desktop.ini
2008-11-21 18:59:20 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\data aplikací\microsoft\feeds cache\k9f8tadq\desktop.ini
2008-11-21 18:59:20 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\data aplikací\microsoft\feeds cache\qn5qhloq\desktop.ini
2009-10-02 06:28:04 145 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\desktop.ini
2009-10-02 06:28:04 145 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\desktop.ini
2009-11-03 09:00:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009110320091104\index.dat
2009-10-02 06:28:04 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\desktop.ini
2009-10-02 06:28:04 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\desktop.ini
2009-10-02 06:28:04 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\m6joofod\desktop.ini
2009-10-02 06:28:04 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\n4of67lq\desktop.ini
2009-10-02 06:28:04 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\uok8cpij\desktop.ini
2009-10-02 06:28:04 67 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\yujyi3iv\desktop.ini
2008-11-21 18:45:13 62 --sha-w- c:\windows\system32\config\systemprofile\nabídka start\desktop.ini
2008-11-21 17:57:10 231 --sha-w- c:\windows\system32\config\systemprofile\nabídka start\programy\desktop.ini
2008-11-21 17:54:03 84 --sha-w- c:\windows\system32\config\systemprofile\nabídka start\programy\po spuštění\desktop.ini
2008-11-21 17:57:06 576 --sha-w- c:\windows\system32\config\systemprofile\nabídka start\programy\příslušenství\desktop.ini
2008-11-21 17:54:03 293 --sha-w- c:\windows\system32\config\systemprofile\nabídka start\programy\příslušenství\usnadnění\desktop.ini
2008-11-21 17:54:03 84 --sha-w- c:\windows\system32\config\systemprofile\nabídka start\programy\příslušenství\zábava\desktop.ini
2008-11-21 17:57:10 122 --sha-w- c:\windows\system32\config\systemprofile\oblíbené položky\Desktop.ini
2008-11-21 17:57:10 150 --sha-w- c:\windows\system32\config\systemprofile\recent\Desktop.ini
2008-11-21 17:52:56 188 --sha-w- c:\windows\system32\config\systemprofile\sendto\desktop.ini
2006-12-28 23:31:32 19569 --sh--r- c:\windows\system32\restore\filelist.xml
2009-11-03 09:01:20 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-10-02 06:57:08 145 --sh--w- c:\windows\temp\history\history.ie5\desktop.ini
2009-11-03 09:01:20 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-10-02 06:57:08 67 --sh--w- c:\windows\temp\temporary internet files\content.ie5\desktop.ini
2009-11-03 09:01:20 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-10-02 06:57:08 67 --sh--w- c:\windows\temp\temporary internet files\content.ie5\1x5y86as\desktop.ini
2009-10-02 06:57:08 67 --sh--w- c:\windows\temp\temporary internet files\content.ie5\5fzfc33t\desktop.ini
2009-10-02 06:57:08 67 --sh--w- c:\windows\temp\temporary internet files\content.ie5\9po9qpmr\desktop.ini
2009-10-02 06:57:08 67 --sh--w- c:\windows\temp\temporary internet files\content.ie5\a0n6ny1i\desktop.ini

============= FINISH: 17:05:15,59 ===============

Kryšpín
Visitor
Visitor
Posts: 34
Joined: 16 Dec 2004 09:39

Re: Internet keeps dropping, HijackThis log cannot be sent by e-mail

#11 Post by Kryšpín »

Thank you. Before I do that and delete it, I'll ask about this: according to the network administrator, no proxy server should be set there, definitely

but the HijackThis log contains this line
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
and the registry shows the same
and that server is most likely working (it can be pinged; I don't know how else to verify that it exists or works)

When I tried to remove it with HijackThis and then, after that failed, by deleting it directly from the registry, it always comes back after a restart. It is not set in the network settings of IE or FF.

I assume something must be creating it? But I haven't found out what.
Thank you
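
The proxy string from the R1 line is also stored, length-prefixed, inside the binary DefaultConnectionSettings value of the registry export posted further down this thread, so a check of the proxy configuration should read that value too. The Python below is an added example, not part of the original posts: it decodes the bytes from that export, assuming the commonly observed (not officially documented) layout of three header DWORDs followed by length-prefixed strings; all function names are illustrative.

```python
import ipaddress
import re
import struct

# Copied from the "DefaultConnectionSettings" line of the registry export
# posted in this thread (regedit "hex:" syntax, "\" = line continuation).
REG_VALUE = r'''"DefaultConnectionSettings"=hex:46,00,00,00,07,00,00,00,01,00,00,00,13,00,00,\
00,68,74,74,70,3d,31,32,37,2e,30,2e,30,2e,31,3a,35,35,35,35,07,00,00,00,3c,\
6c,6f,63,61,6c,3e,00,00,00,00,00,00,00,00,00,00,00,00,00,26,ea,db,06,4c,c9,\
01,01,00,00,00,c0,a8,58,09,00,00,00,00,00,00,00,00,00,00,00,00'''

# Flag bits, named after WinINet's PROXY_TYPE_* constants.
PROXY_TYPE_DIRECT = 0x01
PROXY_TYPE_PROXY = 0x02
PROXY_TYPE_AUTO_PROXY_URL = 0x04
PROXY_TYPE_AUTO_DETECT = 0x08


def reg_hex_to_bytes(text):
    """Convert one regedit '"name"=hex:aa,bb,\\' value into raw bytes."""
    _, sep, data = text.partition("=hex:")
    if not sep:
        raise ValueError("not a REG_BINARY 'hex:' value")
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9a-fA-F]{2}\b", data))


def parse_connection_settings(blob):
    """Decode header and the three length-prefixed strings (assumed layout)."""
    if len(blob) < 12:
        raise ValueError("blob shorter than the 12-byte header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    pos = 12

    def read_string():
        nonlocal pos
        if pos + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack_from("<I", blob, pos)
        pos += 4
        if pos + length > len(blob):
            raise ValueError("string runs past end of blob")
        value = blob[pos:pos + length].decode("ascii", errors="replace")
        pos += length
        return value

    return {
        "version": version,
        "counter": counter,
        "flags": flags,
        "proxy": read_string(),    # e.g. "http=host:port;https=host:port"
        "bypass": read_string(),   # e.g. "<local>"
        "pac": read_string(),      # auto-config script URL, may be empty
    }


def proxy_endpoints(proxy):
    """Split 'scheme=host:port;...' (or plain 'host:port') into tuples."""
    endpoints = []
    for entry in filter(None, proxy.split(";")):
        scheme, sep, addr = entry.partition("=")
        if not sep:
            scheme, addr = "all", entry
        host, port = addr.rsplit(":", 1) if ":" in addr else (addr, "")
        endpoints.append((scheme, host, port))
    return endpoints


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def review(blob):
    """Report proxies that point at the local machine and whether they are on."""
    settings = parse_connection_settings(blob)
    enabled = bool(settings["flags"] & PROXY_TYPE_PROXY)
    state = "active" if enabled else "stored but not enabled"
    return [
        f"{scheme} proxy on loopback {host}:{port} ({state})"
        for scheme, host, port in proxy_endpoints(settings["proxy"])
        if is_loopback(host)
    ]


if __name__ == "__main__":
    blob = reg_hex_to_bytes(REG_VALUE)
    print(parse_connection_settings(blob))
    for line in review(blob):
        print(line)
```

For the value from this thread the flags field is 0x01 (direct connection), which agrees with "ProxyEnable"=dword:00000000 in the same export: the loopback proxy string is stored in both places but is not switched on.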

Kryšpín
Visitor
Visitor
Posts: 34
Joined: 16 Dec 2004 09:39

Re: Internet keeps dropping, HijackThis log cannot be sent by e-mail

#12 Post by Kryšpín »

Naughty wrote: Hi,

late again, but still :-(

>>> Hi. I got to it late as well ;-)


If you haven't uninstalled Spybot, uninstall it.

>>> I couldn't find it; it is most likely uninstalled

Do you know this?
C:\Program Files\NetTime\NeTmSvNT.exe

>>> some time-synchronization program; I removed it to be safe. (It can be reinstalled at any time.)

Test this file on virustotal.com:
C:\WINDOWS\system32\LFXGDIPO.exe

>>> I tried it; hopefully this is the link to the result?
http://www.virustotal.com/cs/analisis/a ... 1262621081

>>> it is still scanning; I'll post it once it finishes
>>> So it produced this log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4103

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

15.5.2010 15:15:50
mbam-log-2010-05-15 (15-15-50).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 265313
Uplynulý čas: 25 minuta(y), 1 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\chir-lekar.MNCASLAV\Local Settings\Temporary Internet Files\Content.IE5\QLY438NA\n002102318801r0005J10000601R7788992eWfcf04c2aX62e8a545Y29092afdZ03003f360[1] (Rogue.AntiSpywareSoft) -> No action taken.


:arrow: Run a full scan with MBAM - guide: http://www.viry.cz/forum/viewtopic.php?f=29&t=67229 ; before deleting anything, post the contents of the log for review. It still has some false detections, so that it doesn't accidentally delete something it shouldn't
Last edited by Kryšpín on 15 May 2010 14:28, edited 1 time in total.

Kryšpín
Visitor
Visitor
Posts: 34
Joined: 16 Dec 2004 09:39

Re: Internet keeps dropping, HijackThis log cannot be sent by e-mail

#13 Post by Kryšpín »

I've just realized that even though you are probably following this thread, you most likely won't see that I added the log to the post above. I apologize for not realizing it sooner, hence this post.

Kryšpín
Visitor
Visitor
Posts: 34
Joined: 16 Dec 2004 09:39

Re: Internet keeps dropping, HijackThis log cannot be sent by e-mail

#14 Post by Kryšpín »

I deleted the MBAM finding and fixed it (the proxy server) in HijackThis. In the next scan right after the fix the entry is gone. After a restart it is back. Sorry that this comes with such long breaks, but I can't take this computer home and we have been quite busy at work.

Otherwise nothing seems to be happening; the computer works normally. But that proxy is probably not there for no reason.

Kryšpín
Visitor
Visitor
Posts: 34
Joined: 16 Dec 2004 09:39

Re: Internet keeps dropping, HijackThis log cannot be sent by e-mail

#15 Post by Kryšpín »

I don't know if this is what you need, but I'll put it here
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 7.0; Win32)"
"IE5_UA_Backup_Flag"="5.0"
"NoNetAutodial"=dword:00000000
"MigrateProxy"=dword:00000001
"EmailName"="IEUser@"
"AutoConfigProxy"="wininet.dll"
"MimeExclusionListForCache"="multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "
"WarnOnPost"=hex:01,00,00,00
"UseSchannelDirectly"=hex:01,00,00,00
"EnableHttp1_1"=dword:00000001
"PrivacyAdvanced"=dword:00000000
"EnableNegotiate"=dword:00000001
"ProxyEnable"=dword:00000000
"UrlEncoding"=dword:00000000
"SecureProtocols"=dword:000000a0
"PrivDiscUiShown"=dword:00000001
"ZonesSecurityUpgradeDone"=dword:00000001
"DisableCachingOfSSLPages"=dword:00000000
"WarnonZoneCrossing"=dword:00000000
"CertificateRevocation"=dword:00000000
"GlobalUserOffline"=dword:00000000
"ProxyOverride"="<local>"
"EnableAutodial"=dword:00000000
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]
"Signature"="Client UrlCache MMF Ver 5.2"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix"=""
"CacheLimit"=dword:00e8e035

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix"="Cookie:"
"CacheLimit"=dword:00002000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat]
"CachePath"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,44,00,61,00,74,00,61,00,20,00,61,00,\
70,00,6c,00,69,00,6b,00,61,00,63,00,ed,00,5c,00,4d,00,69,00,63,00,72,00,6f,\
00,73,00,6f,00,66,00,74,00,5c,00,46,00,65,00,65,00,64,00,73,00,20,00,43,00,\
61,00,63,00,68,00,65,00,00,00
"CachePrefix"="feedplat:"
"CacheLimit"=dword:00002000
"CacheOptions"=dword:00000000
"CacheRepair"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010051720100524]
"CachePath"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,\
79,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,79,00,2e,00,49,00,45,00,35,\
00,5c,00,4d,00,53,00,48,00,69,00,73,00,74,00,30,00,31,00,32,00,30,00,31,00,\
30,00,30,00,35,00,31,00,37,00,32,00,30,00,31,00,30,00,30,00,35,00,32,00,34,\
00,00,00
"CachePrefix"=":2010051720100524: "
"CacheLimit"=dword:00002000
"CacheOptions"=dword:0000000b
"CacheRepair"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010052420100531]
"CachePath"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,\
79,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,79,00,2e,00,49,00,45,00,35,\
00,5c,00,4d,00,53,00,48,00,69,00,73,00,74,00,30,00,31,00,32,00,30,00,31,00,\
30,00,30,00,35,00,32,00,34,00,32,00,30,00,31,00,30,00,30,00,35,00,33,00,31,\
00,00,00
"CachePrefix"=":2010052420100531: "
"CacheLimit"=dword:00002000
"CacheOptions"=dword:0000000b
"CacheRepair"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010053120100607]
"CachePath"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,\
79,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,79,00,2e,00,49,00,45,00,35,\
00,5c,00,4d,00,53,00,48,00,69,00,73,00,74,00,30,00,31,00,32,00,30,00,31,00,\
30,00,30,00,35,00,33,00,31,00,32,00,30,00,31,00,30,00,30,00,36,00,30,00,37,\
00,00,00
"CachePrefix"=":2010053120100607: "
"CacheLimit"=dword:00002000
"CacheOptions"=dword:0000000b
"CacheRepair"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010060720100608]
"CachePath"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,\
79,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,79,00,2e,00,49,00,45,00,35,\
00,5c,00,4d,00,53,00,48,00,69,00,73,00,74,00,30,00,31,00,32,00,30,00,31,00,\
30,00,30,00,36,00,30,00,37,00,32,00,30,00,31,00,30,00,30,00,36,00,30,00,38,\
00,00,00
"CachePrefix"=":2010060720100608: "
"CacheLimit"=dword:00002000
"CacheOptions"=dword:0000000b
"CacheRepair"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData]
"CachePath"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,55,00,73,00,65,00,72,00,44,00,61,00,74,00,61,00,00,\
00
"CachePrefix"="UserData"
"CacheLimit"=dword:000003e8
"CacheOptions"=dword:00000008
"CacheRepair"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix"="Visited:"
"CacheLimit"=dword:00002000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
"Persistent"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
"CacheLimit"=dword:00e8e035

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Cookies]
"CacheLimit"=dword:00002000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\History]
"CacheLimit"=dword:00002000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:46,00,00,00,07,00,00,00,01,00,00,00,13,00,00,\
00,68,74,74,70,3d,31,32,37,2e,30,2e,30,2e,31,3a,35,35,35,35,07,00,00,00,3c,\
6c,6f,63,61,6c,3e,00,00,00,00,00,00,00,00,00,00,00,00,00,26,ea,db,06,4c,c9,\
01,01,00,00,00,c0,a8,58,09,00,00,00,00,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:46,00,00,00,1e,03,00,00,01,00,00,00,13,00,00,00,68,\
74,74,70,3d,31,32,37,2e,30,2e,30,2e,31,3a,35,35,35,35,07,00,00,00,3c,6c,6f,\
63,61,6c,3e,00,00,00,00,00,00,00,00,00,00,00,00,00,26,ea,db,06,4c,c9,01,01,\
00,00,00,c0,a8,58,09,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
@=""
"DisplayName"="My Computer"
"Description"="Your computer"
"Icon"="explorer.exe#0100"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1206"=dword:00000000
"1207"=dword:00000003
"1400"=dword:00000001
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000000
"1407"=dword:00000001
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000000
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1806"=dword:00000000
"1807"=dword:00000000
"1808"=dword:00000000
"1809"=dword:00000003
"180D"=dword:00000000
"1A00"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=dword:00000000
"1E05"=dword:00030000
"2000"=dword:00010000
"2100"=dword:00000003
"2101"=dword:00000003
"2102"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"PMDisplayName"="My Computer [Protected Mode]"
"LowIcon"="inetcpl.cpl#005422"
"1208"=dword:00000003
"1209"=dword:00000003
"120A"=dword:00000003
"1408"=dword:00000003
"160A"=dword:00000000
"180A"=dword:00000000
"180C"=dword:00000000
"2301"=dword:00000003
"2103"=dword:00000003
"2104"=dword:00000003
"2105"=dword:00000003
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
@=""
"DisplayName"="Local intranet"
"Description"="This zone contains all Web sites that are on your organization's intranet."
"Icon"="shell32.dll#0018"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000143
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1206"=dword:00000000
"1207"=dword:00000003
"1400"=dword:00000001
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000001
"1407"=dword:00000001
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000000
"1806"=dword:00000000
"1807"=dword:00000000
"1808"=dword:00000000
"1809"=dword:00000003
"180D"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=dword:00000000
"1E05"=dword:00030000
"2000"=dword:00010000
"2100"=dword:00000003
"2101"=dword:00000003
"2102"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"PMDisplayName"="Local intranet [Protected Mode]"
"LowIcon"="inetcpl.cpl#005423"
"1208"=dword:00000003
"1209"=dword:00000003
"120A"=dword:00000003
"1408"=dword:00000003
"160A"=dword:00000003
"180A"=dword:00000000
"180C"=dword:00000000
"2301"=dword:00000003
"2103"=dword:00000003
"2104"=dword:00000003
"2105"=dword:00000003
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
@=""
"DisplayName"="Trusted sites"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1206"=dword:00000003
"1207"=dword:00000003
"1400"=dword:00000001
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000001
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000003
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000001
"1806"=dword:00000001
"1807"=dword:00000001
"1808"=dword:00000000
"1809"=dword:00000003
"180D"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1A10"=dword:00000001
"1C00"=dword:00000000
"1E05"=dword:00020000
"2000"=dword:00010000
"2100"=dword:00000003
"2101"=dword:00000003
"2102"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"PMDisplayName"="Trusted sites [Protected Mode]"
"LowIcon"="inetcpl.cpl#005424"
"1208"=dword:00000003
"1209"=dword:00000003
"120A"=dword:00000003
"1408"=dword:00000003
"160A"=dword:00000003
"180A"=dword:00000003
"180C"=dword:00000000
"2301"=dword:00000000
"2103"=dword:00000003
"2104"=dword:00000003
"2105"=dword:00000003
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
@=""
"DisplayName"="Internet"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"Icon"="inetcpl.cpl#001313"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1206"=dword:00000003
"1207"=dword:00000003
"1400"=dword:00000001
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000001
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000003
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000001
"1806"=dword:00000001
"1807"=dword:00000001
"1808"=dword:00000000
"1809"=dword:00000000
"180D"=dword:00000001
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1A10"=dword:00000001
"1C00"=dword:00000000
"1E05"=dword:00030000
"2000"=dword:00010000
"2100"=dword:00000003
"2101"=dword:00000003
"2102"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"PMDisplayName"="Internet [Protected Mode]"
"LowIcon"="inetcpl.cpl#005425"
"1208"=dword:00000003
"1209"=dword:00000003
"120A"=dword:00000003
"1408"=dword:00000003
"160A"=dword:00000003
"180A"=dword:00000003
"180C"=dword:00000003
"2301"=dword:00000000
"2103"=dword:00000003
"2104"=dword:00000003
"2105"=dword:00000003
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
@=""
"DisplayName"="Restricted sites"
"Description"="This zone contains Web sites that could potentially damage your computer or data."
"Icon"="inetcpl.cpl#00004481"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1206"=dword:00000003
"1207"=dword:00000003
"1400"=dword:00000003
"1402"=dword:00000003
"1405"=dword:00000003
"1406"=dword:00000003
"1407"=dword:00000003
"1601"=dword:00000001
"1604"=dword:00000003
"1605"=dword:00000000
"1606"=dword:00000003
"1607"=dword:00000003
"1608"=dword:00000003
"1609"=dword:00000001
"1800"=dword:00000003
"1802"=dword:00000001
"1803"=dword:00000003
"1804"=dword:00000003
"1805"=dword:00000001
"1806"=dword:00000003
"1807"=dword:00000001
"1808"=dword:00000000
"1809"=dword:00000000
"180B"=dword:00000003
"180D"=dword:00000001
"1A00"=dword:00010000
"1A02"=dword:00000003
"1A03"=dword:00000003
"1A04"=dword:00000003
"1A05"=dword:00000003
"1A06"=dword:00000003
"1A10"=dword:00000003
"1C00"=dword:00000000
"1E05"=dword:00030000
"2000"=dword:00000003
"2100"=dword:00000003
"2101"=dword:00000003
"2102"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"PMDisplayName"="Restricted sites [Protected Mode]"
"LowIcon"="inetcpl.cpl#005426"
"1208"=dword:00000003
"1209"=dword:00000003
"120A"=dword:00000003
"1408"=dword:00000003
"160A"=dword:00000003
"180A"=dword:00000003
"180C"=dword:00000003
"2301"=dword:00000000
"2103"=dword:00000003
"2104"=dword:00000003
"2105"=dword:00000003
"2400"=dword:00000003
"2401"=dword:00000003
"2402"=dword:00000003
"2600"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\DAMap]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High]
"1400"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) "=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
@=""
"ProxyByPass"=dword:00000001
"IntranetName"=dword:00000001
"UNCAsIntranet"=dword:00000001
"AutoDetect"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\*.update]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
@=""
"SelfHealCount"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
@=""
"DisplayName"="My Computer"
"Description"="Your computer"
"Icon"="explorer.exe#0100"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1001"=dword:00000000
"1004"=dword:00000000
"1200"=dword:00000000
"1201"=dword:00000001
"1206"=dword:00000000
"1207"=dword:00000000
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000000
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000000
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1806"=dword:00000000
"1807"=dword:00000000
"1808"=dword:00000000
"1809"=dword:00000003
"180D"=dword:00000000
"1A00"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=dword:00020000
"1E05"=dword:00030000
"2100"=dword:00000000
"2101"=dword:00000003
"2102"=dword:00000000
"2200"=dword:00000000
"2201"=dword:00000000
"2300"=dword:00000001
"2000"=dword:00000000
"PMDisplayName"="My Computer [Protected Mode]"
"LowIcon"="inetcpl.cpl#005422"
"1208"=dword:00000000
"1209"=dword:00000000
"120A"=dword:00000000
"1408"=dword:00000000
"160A"=dword:00000000
"180A"=dword:00000000
"180C"=dword:00000000
"2301"=dword:00000003
"2103"=dword:00000000
"2104"=dword:00000000
"2105"=dword:00000000
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
@=""
"DisplayName"="Local intranet"
"Description"="This zone contains all Web sites that are on your organization's intranet."
"Icon"="shell32.dll#0018"
"CurrentLevel"=dword:00000000
"MinLevel"=dword:00010000
"RecommendedLevel"=dword:00010500
"Flags"=dword:000001db
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1206"=dword:00000000
"1207"=dword:00000000
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000001
"1407"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000000
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000000
"1806"=dword:00000000
"1807"=dword:00000000
"1808"=dword:00000000
"1809"=dword:00000003
"180D"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=dword:00020000
"1E05"=dword:00020000
"2100"=dword:00000000
"2101"=dword:00000000
"2102"=dword:00000000
"2200"=dword:00000000
"2201"=dword:00000000
"2300"=dword:00000001
"2000"=dword:00000000
"PMDisplayName"="Local intranet [Protected Mode]"
"LowIcon"="inetcpl.cpl#005423"
"1208"=dword:00000000
"1209"=dword:00000000
"120A"=dword:00000003
"1408"=dword:00000000
"160A"=dword:00000000
"180A"=dword:00000000
"180C"=dword:00000000
"2301"=dword:00000003
"2103"=dword:00000000
"2104"=dword:00000000
"2105"=dword:00000000
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
@=""
"DisplayName"="Trusted sites"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"CurrentLevel"=dword:00000000
"MinLevel"=dword:00010000
"RecommendedLevel"=dword:00010000
"Flags"=dword:00000047
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1206"=dword:00000003
"1207"=dword:00000000
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000001
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000003
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000001
"1806"=dword:00000001
"1807"=dword:00000000
"1808"=dword:00000000
"1809"=dword:00000000
"180D"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1A10"=dword:00000000
"1C00"=dword:00010000
"1E05"=dword:00020000
"2100"=dword:00000000
"2101"=dword:00000001
"2102"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"2300"=dword:00000001
"2000"=dword:00000000
"PMDisplayName"="Trusted sites [Protected Mode]"
"LowIcon"="inetcpl.cpl#005424"
"1208"=dword:00000000
"1209"=dword:00000003
"120A"=dword:00000003
"1408"=dword:00000000
"160A"=dword:00000000
"180A"=dword:00000003
"180C"=dword:00000000
"2301"=dword:00000000
"2103"=dword:00000000
"2104"=dword:00000000
"2105"=dword:00000000
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
@=""
"DisplayName"="Internet"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"Icon"="inetcpl.cpl#001313"
"CurrentLevel"=dword:00011500
"MinLevel"=dword:00011000
"RecommendedLevel"=dword:00011000
"Flags"=dword:00000001
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1206"=dword:00000003
"1207"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000001
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000003
"1608"=dword:00000000
"1609"=dword:00000001
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000001
"1806"=dword:00000001
"1807"=dword:00000001
"1808"=dword:00000000
"1809"=dword:00000000
"180D"=dword:00000001
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1A10"=dword:00000001
"1C00"=dword:00010000
"1E05"=dword:00020000
"2100"=dword:00000000
"2101"=dword:00000000
"2102"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"2300"=dword:00000001
"2000"=dword:00000000
"PMDisplayName"="Internet [Protected Mode]"
"LowIcon"="inetcpl.cpl#005425"
"1208"=dword:00000003
"1209"=dword:00000003
"120A"=dword:00000003
"1408"=dword:00000003
"160A"=dword:00000000
"180A"=dword:00000003
"180C"=dword:00000003
"2301"=dword:00000000
"2103"=dword:00000003
"2104"=dword:00000003
"2105"=dword:00000003
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
@=""
"DisplayName"="Restricted sites"
"Description"="This zone contains Web sites that could potentially damage your computer or data."
"Icon"="inetcpl.cpl#00004481"
"CurrentLevel"=dword:00000000
"MinLevel"=dword:00012000
"RecommendedLevel"=dword:00012000
"Flags"=dword:00000003
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1206"=dword:00000003
"1207"=dword:00000003
"1400"=dword:00000003
"1402"=dword:00000003
"1405"=dword:00000003
"1406"=dword:00000003
"1407"=dword:00000003
"1601"=dword:00000001
"1604"=dword:00000001
"1605"=dword:00000000
"1606"=dword:00000003
"1607"=dword:00000003
"1608"=dword:00000003
"1609"=dword:00000001
"1800"=dword:00000003
"1802"=dword:00000001
"1803"=dword:00000003
"1804"=dword:00000003
"1805"=dword:00000001
"1806"=dword:00000003
"1807"=dword:00000001
"1808"=dword:00000000
"1809"=dword:00000000
"180B"=dword:00000001
"180D"=dword:00000001
"1A00"=dword:00010000
"1A02"=dword:00000003
"1A03"=dword:00000003
"1A04"=dword:00000003
"1A05"=dword:00000003
"1A06"=dword:00000003
"1A10"=dword:00000003
"1C00"=dword:00000000
"1E05"=dword:00010000
"2100"=dword:00000003
"2101"=dword:00000003
"2102"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"2300"=dword:00000003
"2000"=dword:00000003
"{AEBA21FA-782A-4A90-978D-B72164C80120}"=hex:1a,37,61,59,23,52,35,0c,7a,5f,20,\
17,2f,1e,1a,19,0e,2b,01,73,13,37,13,12,14,1a,15,39
"{A8A88C49-5EB2-4990-A1A2-0876022C854F}"=hex:1a,37,61,59,23,52,35,0c,7a,5f,20,\
17,2f,1e,1a,19,0e,2b,01,73,13,37,13,12,14,1a,15,39
"PMDisplayName"="Restricted sites [Protected Mode]"
"LowIcon"="inetcpl.cpl#005426"
"1208"=dword:00000003
"1209"=dword:00000003
"120A"=dword:00000003
"1408"=dword:00000003
"160A"=dword:00000003
"180A"=dword:00000003
"180C"=dword:00000003
"2301"=dword:00000000
"2103"=dword:00000003
"2104"=dword:00000003
"2105"=dword:00000003
"2400"=dword:00000003
"2401"=dword:00000003
"2402"=dword:00000003
"2600"=dword:00000003
