Nelze se přihlásit - RSIT

[motji]

Prosím Tě, zadaváš ten příkaz do příkazového řádku?

start-spustit
do okénka zkopírujte


"%userprofile%\plocha\mbr" -t

[alesholoska]

jj zadávám

tady máš screen

http://yfrog.com/2mmbrp

[motji]

Hm, ptala jsem se kolegů a vypadá to na nabořený systém .
Nejlepší by to bylo zformátovat a nahodit OS znovu.

[MiliNess]

Ta chyba spočívá v tom, že je po startu OS ukončen proces subsystému Windows csrss. K tomu dojde po té, co se snaží csrss volat systémovou službu. Jelikož jste měl prý v systému nějaký rootkit, vypadá to na nějaké pozůstatky po něm. Buď je pozměněná tabulka systémových služeb přímo v souboru obrazu jádra nebo se ještě něco škodlivého zavádí a pozměňuje SSDT (SDT) či hákuje dispečera služeb.
Zkuste odinstalovat Combofix, mohl by tam dělat problém i ovladač, který si zavádí.
Chtělo by to přepsat zavaděč (c:\ntldr a obraz jádra C:\WINDOWS\System32\ntoskrnl.exe ze zálohy C:\WINDOWS\ServicePackFiles\i386, eventuelně C:\WINDOWS\Driver Cache\i386) To by ale chtělo udělat z konzoly pro zotavení, kterou bez CD ROMky nespustíte). Ideální by bylo pomocí nástroje sfc opravit systémové soubory, zřejmě ale bude opět potřeba CD ROM)
Systémové soubory budou přepsány i v případě, že byste se rozhodl nainstalovat ServicePack 3.
Taky jsem v dumpech narazil na problém, kdy csrss ukončil filtr antiviráku. Proč to udělal, nevím. Možná, že narazil na nějaký škodlivý kód.
Sptd jste odinstaloval? Podle GMER to byl jediný ovladač, který hákoval SSDT. Zjistíte to ve správci zařízení->zobrazit->zatrhnete "skrytá zařízení"->ve skrytých zařízeních nesmí být sptd.
Potřeboval byste CD ROMku. Takhle jsou možnosti dost omezené.
Tady si stáhněte nástroj od MS bootsect http://leteckaposta.cz/732259635, zkopírujte ho do kořene C:
a v příkazovém řádku napište c:\Bootsect.exe /NT52 All /mbr.
Tím přepíšete hlavní zaváděcí záznam a bootsectory partícií.

A instrukce od Motji:
Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

[alesholoska]

Pro motji a MiliNess

Reinstaloval jsem počítač! Takže teď jsem už bez problémů . Děkuji za projevenou snahu při řešení problému i když jsem se nevyhnul reinstalaci. Po týdnu práce mohu konečně plnohodnotně pracovat nejenom v režimu nouze. Asi to půjdu zítra někam oslavit Klaním se před všemi rádci na fóru, hlavně před tebou motji a taky před MiliNess Ještě jednou, že jste mi celý týden radili a snažili se můj problém vyřešit.

Dobrou Noc!

[motji]

Taky řešení, řekla bych že i rychlejší, než se to snažit opravit .
Akorát jsi psal, že nemáš cd romku, takže to se asi vyřešilo .

I za kolegu MiliNesse - není zač

[alesholoska]

Tak jsem se radoval předčasně. Už to zase blbne. Tak zkusím to co radil MiliNess s tím bootsect.exe

Sptd jste odinstaloval? Podle GMER to byl jediný ovladač, který hákoval SSDT. Zjistíte to ve správci zařízení->zobrazit->zatrhnete "skrytá zařízení"->ve skrytých zařízeních nesmí být sptd.

Tam jsem měl pouze volbu Install

[motji]

To jsi jen přeinstaloval, nebo proběhl i formát disku?

[alesholoska]

Jenom přeinstaloval bez formátu

[motji]

Aha, to už by bylo lepší s formátem
Zkus co psal Miliness, uvidíme.

[alesholoska]

Chtělo by to přepsat zavaděč (c:\ntldr a obraz jádra C:\WINDOWS\System32\ntoskrnl.exe ze zálohy C:\WINDOWS\ServicePackFiles\i386, eventuelně C:\WINDOWS\Driver Cache\i386) To by ale chtělo udělat z konzoly pro zotavení, kterou bez CD ROMky nespustíte).

Nainstaloval jsem si konzoli pro zotavení. Bylo by možno mi poradit příkaz pro přepsání zaváděče??

[motji]

Promin, dnes tu moc nejsem


První se podíváme, odkud ho zkopíruješ A ještě počkám na Milinesse, co Ti poradí .
Bsod už žádná nebyla dnes?
Ted máš konkrétně jaké problémy?

Do systemlook zadej

Kód: Vybrat vše

:filefind
ntoskrnl.exe

[alesholoska]

Teď jsem od doby co jsem nainstaloval Service Pack 3 bez problémů

[motji]

Fajn, ted jsem Ti to chtěla napsat, jestli jsi ho instaloval.

Poprosím o nový log ze Rsitu

[alesholoska]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Acer at 2010-03-07 20:44:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 314 MB (1%) free of 41 GB
Total RAM: 446 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:13, on 7.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\ConMet\ConMet.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\dev\prog\Apache2\bin\Apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CesarFTP\server.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Merak\cal.exe
C:\dev\prog\Apache2\bin\Apache.exe
C:\Program Files\Merak\control.exe
C:\Program Files\Merak\im.exe
C:\Program Files\Merak\pop3.exe
C:\Program Files\Merak\smtp.exe
C:\dev\prog\mysql50\bin\mysqld-nt.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Enterprise Mail Server\SMTPListener.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\Documents and Settings\Acer\My Documents\Stažené soubory\RSIT.exe
C:\Documents and Settings\Acer\Desktop\Acer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Arles Download Manager - C:\Documents and Settings\Acer\Local Settings\Application Data\Ariel Download Manager\DownloadManager.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9263398453
O17 - HKLM\System\CCS\Services\Tcpip\..\{6148232E-0836-4933-ADCE-D4BFE3B3904F}: NameServer = 90.183.231.251 194.228.41.65
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\dev\prog\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CesarFTP FTP Server (CesarFTP) - Unknown owner - C:\Program Files\CesarFTP\server.exe
O23 - Service: Google Sitemap Generator (GoogleSitemapGenerator) - Google Inc. - C:\Program Files\Google\Google Sitemap Generator\SitemapService.exe
O23 - Service: Služba Google Update (gupdate1ca16d380f2b742) (gupdate1ca16d380f2b742) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: IceWarp GroupWare Server (MerakCalendar) - IceWarp Ltd - C:\Program Files\Merak\cal.exe
O23 - Service: IceWarp Control / Web / FTP (MerakControl) - IceWarp Ltd - C:\Program Files\Merak\control.exe
O23 - Service: IceWarp IM / VoIP (MerakIM) - IceWarp Ltd - C:\Program Files\Merak\im.exe
O23 - Service: IceWarp POP3 / IMAP (MerakPOP3) - IceWarp Ltd - C:\Program Files\Merak\pop3.exe
O23 - Service: IceWarp SMTP (MerakSMTP) - IceWarp Ltd - C:\Program Files\Merak\smtp.exe
O23 - Service: MySQL5 - Unknown owner - C:\dev\prog\mysql50\bin\mysqld-nt (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SMTP Server Service (SMTPMainService) - Unknown owner - C:\Program Files\Enterprise Mail Server\SMTPListener.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe

--
End of file - 12938 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Norton Security Scan for Acer.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-06 439872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2010-02-11 185856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-08-06 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-17 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-06 439872]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-05-30 421888]
"MacrokeyManager"=C:\WINDOWS\system32\WTMKM.exe [2009-01-13 3161760]
"ConMet"=C:\Program Files\ConMet\ConMet.exe [2010-01-12 3804672]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]
"adiras"=adiras.exe []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-27 16248320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-01-12 133368]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni]
C:\Program Files\365dníNET\365dniNET.exe [2007-01-06 655360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe [2008-07-17 1454080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-04-14 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-11-01 281600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-05-30 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-06-23 602112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]
C:\Program Files\Mobile Master\MMAgent.exe [2008-09-11 1347008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-06-27 16248320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-06 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-09-23 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Acer^Start Menu^Programs^Startup^Jabbim.lnk]
C:\PROGRA~1\Jabbim\jabbim.exe [2009-01-29 206848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
C:\Acer\EMPOWE~1\ACEREM~1.EXE [2006-06-29 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-01-17 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
C:\PROGRA~1\ADSL\ADSLUS~1\dslmon.exe [2003-10-16 929889]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-07-18 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\groove.exe"="C:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activ Software\ActivstudioPE3\AMARKER.EXE"="C:\Program Files\Activ Software\ActivstudioPE3\AMARKER.EXE:*:Enabled:ENABLE"
"C:\Program Files\Activ Software\ActivstudioPE3\Activresmanager.exe"="C:\Program Files\Activ Software\ActivstudioPE3\Activresmanager.exe:*:Enabled:ENABLE"
"C:\Program Files\WinRAR\WinRAR.exe"="C:\Program Files\WinRAR\WinRAR.exe:*:Enabled:ENABLE"
"C:\WINDOWS\System32\logon.scr"="C:\WINDOWS\System32\logon.scr:*:Enabled:ENABLE"
"C:\Program Files\Activ Software\ActivstudioPE3\ASExport Wizard.exe"="C:\Program Files\Activ Software\ActivstudioPE3\ASExport Wizard.exe:*:Enabled:ENABLE"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ENABLE"
"C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe:*:Enabled:ENABLE"
"C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe:*:Enabled:ENABLE"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe:*:Enabled:ENABLE"
"C:\Program Files\Launch Manager\LManager.exe"="C:\Program Files\Launch Manager\LManager.exe:*:Enabled:ENABLE"
"C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe:*:Enabled:ENABLE"
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ENABLE"
"C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe"="C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe:*:Enabled:ENABLE"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"="C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe:*:Enabled:ENABLE"
"C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe"="C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Acer\Desktop\aircrack-ng-0.9.3-win\BIN\airodump-ng.exe"="C:\Documents and Settings\Acer\Desktop\aircrack-ng-0.9.3-win\BIN\airodump-ng.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Acer\Desktop\aircrack-ng-0.9.3-win\BIN\Aircrack-ng GUI.exe"="C:\Documents and Settings\Acer\Desktop\aircrack-ng-0.9.3-win\BIN\Aircrack-ng GUI.exe:*:Enabled:ENABLE"
"C:\WINDOWS\System32\cmd.exe"="C:\WINDOWS\System32\cmd.exe:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ENABLE"
"C:\WINDOWS\System32\netsh.exe"="C:\WINDOWS\System32\netsh.exe:*:Enabled:ENABLE"
"C:\WINDOWS\ehome\ehtray.exe"="C:\WINDOWS\ehome\ehtray.exe:*:Enabled:ENABLE"
"C:\WINDOWS\eHome\ehmsas.exe"="C:\WINDOWS\eHome\ehmsas.exe:*:Enabled:ENABLE"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"I:\Program Files\ICQ6.5\ICQ.exe"="I:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Enterprise Mail Server\SMTPServerGUI.exe"="C:\Program Files\Enterprise Mail Server\SMTPServerGUI.exe:*:Enabled:SMTPServerGUI"
"C:\Program Files\Enterprise Mail Server\SMTPListener.exe"="C:\Program Files\Enterprise Mail Server\SMTPListener.exe:*:Enabled:SMTPListener"
"C:\Program Files\Enterprise Mail Server\Uninstaller.exe"="C:\Program Files\Enterprise Mail Server\Uninstaller.exe:*:Enabled:SMTPUninstaller"
"C:\Program Files\Enterprise Mail Server\Updater.exe"="C:\Program Files\Enterprise Mail Server\Updater.exe:*:Enabled:SMTPUpdater"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:ENABLE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\autorun.exe


======File associations======

.txt - open - notepad.exe %1