Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 26.8.2009 18:57:51 for strings:
; 'kód: vybrat vše
'
; 'avg'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avd]
@="AvgDiagFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgDiagFile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgDiagFile]
@="AVG Diagnostics file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgDiagFile\shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification]
@="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification\CurVer]
@="AVGeneralNotification.AVGeneralNotification.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification.1]
@="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}]
@="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}\ProgID]
@="AVGeneralNotification.AVGeneralNotification.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}\VersionIndependentProgID]
@="AVGeneralNotification.AVGeneralNotification"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\719A768971D5ED0438ABEB5A9213491B\Features]
"CUECommonHelpAsn10"="nw1oIlDw`9*]Vce+$Dlu$Il*_0MlRAeOJG,NV3Sxq[%+*+,LGAUSY=Bi.Z2Hb7ugvh{'O?V*zbDC&4G^[G1clIosD98eH.G*PBo2[{{6c9VGz?avGpN!lN7s@*rhM5M&W@2^qDc&9B)d,po=a@[rr@i]p]7++KhHY^waiZ($i@*g3(ck'{vRqN*U7[rDV?53ysAGwI=i~9Df0fFUt@)Mg-Q8MRur&Vk]w4)D3@YUMq@(lsE0GM{@Bt+L~@NvLaU}dP`D_,MX`f4&P@C**%5+c5r%c[M,lP_HV@M~joK]FsvYHSfbu8Osu9*KV}BzPbFbfO9Tac'$99g]{DIoG%'Rrdx_`-Go==2Pr1]+)K6TRDM!L$*@-=X2lYZK_+LFuZ^2mDy7V@U(]+aQex11I3DIw)Wy,=?-a0Z5QSj1?M?Jz_H*b?-yop$&SlSF=IQg.VYa?=Fs~jEQ+jOO,kR_@fZZD99,CanZc{LI~l}MOaAa69nOj`?Ao6BJaUKqtZ&.W=ET6(Qs?I]iQLb6=_h1Q=Wz0Z$g78FTPf}$j=O(!?IEfOp6tIbsYRJEIaYeS?2'7=C=c3]DyQ$&&'gjK9~baE)-hA)eK8Q!3IYs2AqghtKBwfqJ}YLf0z~&d?glgtd'DWd!sOe{Asn~59D)yx$m=3RjEuKV2)v'9@8@Ax8{dmNi4aXgKor9G?J-e-+g~WL_gu1}a'%%o9hE)^G_acXp8fJq=v1G&@uk@89Jbn0]m.{]3U3&`=Oy,ro,`*E_4K'yukD}29QsE=)[RC'E34Z2qYmSO@ve[HQ!g?bkdpFtJsAhb?{sZBWXs)f^s-y[TC)Yk@+=8++u&f&?.Ps*taoc$9z*)Sj8ddSZ}aNsLyRgn89_Q=7m=m3n"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com\www]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com\www]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org\www]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com\www]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList]
; Contents of value:
;
"AVG"=hex:01,00,00,00,02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7CORE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW\0000]
"Service"="Avg7RsW"
"DeviceDesc"="AVG7 Wrap Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSXP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGCLEAN]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDI]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WMI.NET Provider Extension
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WgaSetup
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; UploadM
; TrueVector Service
; Tlntsvr
; System.ServiceModel.Install 3.0.0.0
; System.ServiceModel 3.0.0.0
; System.Runtime.Serialization 3.0.0.0
; System.IO.Log 3.0.0.0
; System.IdentityModel 3.0.0.0
; SysmonLog
; Spybot - Search & Destroy 2
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SNL HiveManager
; ServiceModel Audit 3.0.0.0
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MSSHA
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft.Transactions.Bridge 3.0.0.0
; Microsoft H.323 Telephony Service Provider
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; JavaQuickStarterService
; HotFixInstaller
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; EAPOL
; DrWatson
; Dot3Svc
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; CardSpace 3.0.0.0
; AVG7
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; apphelp
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,4d,00,49,00,2e,00,4e,00,45,00,54,00,20,\
00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,73,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,\
00,53,00,4e,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,\
69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,\
63,00,74,00,69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,\
00,64,00,6f,00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,\
72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,67,00,61,00,53,00,65,00,74,\
00,75,00,70,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,\
00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,\
73,00,65,00,72,00,65,00,6e,00,76,00,00,00,55,00,70,00,6c,00,6f,00,61,00,64,\
00,4d,00,00,00,54,00,72,00,75,00,65,00,56,00,65,00,63,00,74,00,6f,00,72,00,\
20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,6c,00,6e,00,74,\
00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,53,00,\
65,00,72,00,76,00,69,00,63,00,65,00,4d,00,6f,00,64,00,65,00,6c,00,2e,00,49,\
00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,33,00,2e,00,30,00,2e,00,30,00,\
2e,00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,4d,00,6f,00,64,00,65,00,6c,00,20,00,33,00,2e,00,\
30,00,2e,00,30,00,2e,00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,\
00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,2e,00,53,00,65,00,72,00,69,00,\
61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,20,00,33,00,2e,00,30,\
00,2e,00,30,00,2e,00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,\
49,00,4f,00,2e,00,4c,00,6f,00,67,00,20,00,33,00,2e,00,30,00,2e,00,30,00,2e,\
00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,49,00,64,00,65,00,\
6e,00,74,00,69,00,74,00,79,00,4d,00,6f,00,64,00,65,00,6c,00,20,00,33,00,2e,\
00,30,00,2e,00,30,00,2e,00,30,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,\
4c,00,6f,00,67,00,00,00,53,00,70,00,79,00,62,00,6f,00,74,00,20,00,2d,00,20,\
00,53,00,65,00,61,00,72,00,63,00,68,00,20,00,26,00,20,00,44,00,65,00,73,00,\
74,00,72,00,6f,00,79,00,20,00,32,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,\
00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,\
72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,69,00,6f,\
00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,00,00,53,00,\
6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,00,73,00,74,00,61,\
00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,4e,00,4c,00,20,00,\
48,00,69,00,76,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,4d,00,6f,00,64,00,65,00,6c,00,20,00,\
41,00,75,00,64,00,69,00,74,00,20,00,33,00,2e,00,30,00,2e,00,30,00,2e,00,30,\
00,00,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,\
74,00,65,00,72,00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,\
00,53,00,63,00,65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,\
69,00,00,00,73,00,61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,00,46,\
00,72,00,64,00,6d,00,73,00,00,00,52,00,50,00,43,00,00,00,52,00,65,00,6d,00,\
6f,00,74,00,65,00,20,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,00,63,\
00,65,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,00,00,00,50,00,\
65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,4e,00,65,00,74,\
00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,00,65,00,72,00,\
66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,69,00,73,00,6b,\
00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,00,4f,00,66,00,\
66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,4f,\
00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,6b,00,\
75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,00,63,00,6b,00,00,\
00,4d,00,53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,\
4d,00,53,00,44,00,45,00,00,00,4d,00,53,00,53,00,48,00,41,00,00,00,4d,00,73,\
00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,4d,00,\
53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4d,\
00,53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,00,\
00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,54,00,72,\
00,61,00,6e,00,73,00,61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,2e,00,42,00,\
72,00,69,00,64,00,67,00,65,00,20,00,33,00,2e,00,30,00,2e,00,30,00,2e,00,30,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,\
2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,\
00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,\
6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\
00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,00,\
61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,6f,\
00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,00,\
65,00,72,00,66,00,00,00,4a,00,61,00,76,00,61,00,51,00,75,00,69,00,63,00,6b,\
00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,53,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00,48,00,6f,00,74,00,46,00,69,00,78,00,49,00,6e,00,73,00,74,\
00,61,00,6c,00,6c,00,65,00,72,00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,\
63,00,00,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,\
00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,\
20,00,44,00,65,00,70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,\
00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,\
53,00,45,00,4e,00,54,00,00,00,45,00,41,00,50,00,4f,00,4c,00,00,00,44,00,72,\
00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,6f,00,74,00,33,00,53,00,\
76,00,63,00,00,00,44,00,69,00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,\
00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,00,4d,00,2b,00,\
00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,\
00,6b,00,00,00,43,00,61,00,72,00,64,00,53,00,70,00,61,00,63,00,65,00,20,00,\
33,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,41,00,56,00,47,00,37,00,00,\
00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,\
6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,53,\
00,50,00,2e,00,4e,00,45,00,54,00,20,00,32,00,2e,00,30,00,2e,00,35,00,30,00,\
37,00,32,00,37,00,2e,00,30,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,\
00,20,00,31,00,2e,00,31,00,2e,00,34,00,33,00,32,00,32,00,2e,00,30,00,00,00,\
41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,4d,\
00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,41,00,70,00,\
70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,48,00,61,00,6e,\
00,67,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,\
6e,00,20,00,45,00,72,00,72,00,6f,00,72,00,00,00,61,00,70,00,70,00,68,00,65,\
00,6c,00,70,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,20,00,4f,00,70,00,74,00,69,00,6d,00,69,00,7a,00,61,00,74,\
00,69,00,6f,00,6e,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,\
2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,20,\
00,32,00,2e,00,30,00,20,00,45,00,72,00,72,00,6f,00,72,00,20,00,52,00,65,00,\
70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,00,00,2e,00,4e,00,45,00,54,00,20,\
00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,41,00,70,00,70,00,6c,00,\
69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AVG7]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\GroupOrderList]
; Contents of value:
;
"AVG"=hex:01,00,00,00,02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7CORE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7RSW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7RSW\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7RSW\0000]
"Service"="Avg7RsW"
"DeviceDesc"="AVG7 Wrap Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7RSW\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7RSXP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGCLEAN]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDI]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WMI.NET Provider Extension
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WgaSetup
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; UploadM
; TrueVector Service
; Tlntsvr
; System.ServiceModel.Install 3.0.0.0
; System.ServiceModel 3.0.0.0
; System.Runtime.Serialization 3.0.0.0
; System.IO.Log 3.0.0.0
; System.IdentityModel 3.0.0.0
; SysmonLog
; Spybot - Search & Destroy 2
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SNL HiveManager
; ServiceModel Audit 3.0.0.0
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MSSHA
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft.Transactions.Bridge 3.0.0.0
; Microsoft H.323 Telephony Service Provider
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; JavaQuickStarterService
; HotFixInstaller
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; EAPOL
; DrWatson
; Dot3Svc
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; CardSpace 3.0.0.0
; AVG7
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; apphelp
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,4d,00,49,00,2e,00,4e,00,45,00,54,00,20,\
00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,73,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,\
00,53,00,4e,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,\
69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,\
63,00,74,00,69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,\
00,64,00,6f,00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,\
72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,67,00,61,00,53,00,65,00,74,\
00,75,00,70,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,\
00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,\
73,00,65,00,72,00,65,00,6e,00,76,00,00,00,55,00,70,00,6c,00,6f,00,61,00,64,\
00,4d,00,00,00,54,00,72,00,75,00,65,00,56,00,65,00,63,00,74,00,6f,00,72,00,\
20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,6c,00,6e,00,74,\
00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,53,00,\
65,00,72,00,76,00,69,00,63,00,65,00,4d,00,6f,00,64,00,65,00,6c,00,2e,00,49,\
00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,33,00,2e,00,30,00,2e,00,30,00,\
2e,00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,4d,00,6f,00,64,00,65,00,6c,00,20,00,33,00,2e,00,\
30,00,2e,00,30,00,2e,00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,\
00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,2e,00,53,00,65,00,72,00,69,00,\
61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,20,00,33,00,2e,00,30,\
00,2e,00,30,00,2e,00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,\
49,00,4f,00,2e,00,4c,00,6f,00,67,00,20,00,33,00,2e,00,30,00,2e,00,30,00,2e,\
00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,49,00,64,00,65,00,\
6e,00,74,00,69,00,74,00,79,00,4d,00,6f,00,64,00,65,00,6c,00,20,00,33,00,2e,\
00,30,00,2e,00,30,00,2e,00,30,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,\
4c,00,6f,00,67,00,00,00,53,00,70,00,79,00,62,00,6f,00,74,00,20,00,2d,00,20,\
00,53,00,65,00,61,00,72,00,63,00,68,00,20,00,26,00,20,00,44,00,65,00,73,00,\
74,00,72,00,6f,00,79,00,20,00,32,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,\
00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,\
72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,69,00,6f,\
00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,00,00,53,00,\
6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,00,73,00,74,00,61,\
00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,4e,00,4c,00,20,00,\
48,00,69,00,76,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,4d,00,6f,00,64,00,65,00,6c,00,20,00,\
41,00,75,00,64,00,69,00,74,00,20,00,33,00,2e,00,30,00,2e,00,30,00,2e,00,30,\
00,00,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,\
74,00,65,00,72,00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,\
00,53,00,63,00,65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,\
69,00,00,00,73,00,61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,00,46,\
00,72,00,64,00,6d,00,73,00,00,00,52,00,50,00,43,00,00,00,52,00,65,00,6d,00,\
6f,00,74,00,65,00,20,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,00,63,\
00,65,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,00,00,00,50,00,\
65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,4e,00,65,00,74,\
00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,00,65,00,72,00,\
66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,69,00,73,00,6b,\
00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,00,4f,00,66,00,\
66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,4f,\
00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,6b,00,\
75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,00,63,00,6b,00,00,\
00,4d,00,53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,\
4d,00,53,00,44,00,45,00,00,00,4d,00,53,00,53,00,48,00,41,00,00,00,4d,00,73,\
00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,4d,00,\
53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4d,\
00,53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,00,\
00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,54,00,72,\
00,61,00,6e,00,73,00,61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,2e,00,42,00,\
72,00,69,00,64,00,67,00,65,00,20,00,33,00,2e,00,30,00,2e,00,30,00,2e,00,30,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,\
2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,\
00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,\
6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\
00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,00,\
61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,6f,\
00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,00,\
65,00,72,00,66,00,00,00,4a,00,61,00,76,00,61,00,51,00,75,00,69,00,63,00,6b,\
00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,53,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00,48,00,6f,00,74,00,46,00,69,00,78,00,49,00,6e,00,73,00,74,\
00,61,00,6c,00,6c,00,65,00,72,00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,\
63,00,00,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,\
00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,\
20,00,44,00,65,00,70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,\
00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,\
53,00,45,00,4e,00,54,00,00,00,45,00,41,00,50,00,4f,00,4c,00,00,00,44,00,72,\
00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,6f,00,74,00,33,00,53,00,\
76,00,63,00,00,00,44,00,69,00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,\
00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,00,4d,00,2b,00,\
00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,\
00,6b,00,00,00,43,00,61,00,72,00,64,00,53,00,70,00,61,00,63,00,65,00,20,00,\
33,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,41,00,56,00,47,00,37,00,00,\
00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,\
6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,53,\
00,50,00,2e,00,4e,00,45,00,54,00,20,00,32,00,2e,00,30,00,2e,00,35,00,30,00,\
37,00,32,00,37,00,2e,00,30,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,\
00,20,00,31,00,2e,00,31,00,2e,00,34,00,33,00,32,00,32,00,2e,00,30,00,00,00,\
41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,4d,\
00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,41,00,70,00,\
70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,48,00,61,00,6e,\
00,67,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,\
6e,00,20,00,45,00,72,00,72,00,6f,00,72,00,00,00,61,00,70,00,70,00,68,00,65,\
00,6c,00,70,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,20,00,4f,00,70,00,74,00,69,00,6d,00,69,00,7a,00,61,00,74,\
00,69,00,6f,00,6e,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,\
2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,20,\
00,32,00,2e,00,30,00,20,00,45,00,72,00,72,00,6f,00,72,00,20,00,52,00,65,00,\
70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,00,00,2e,00,4e,00,45,00,54,00,20,\
00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,41,00,70,00,70,00,6c,00,\
69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVG7]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; UploadM
; TrueVector Service
; Tlntsvr
; SysmonLog
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft H.323 Telephony Service Provider
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; JavaQuickStarterService
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; EAPOL
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; AVG7
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; apphelp
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,\
6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,\
69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,\
74,00,69,00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,\
00,74,00,00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,\
00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,55,00,70,00,6c,00,6f,00,\
61,00,64,00,4d,00,00,00,54,00,72,00,75,00,65,00,56,00,65,00,63,00,74,00,6f,\
00,72,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,6c,00,\
6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,4c,\
00,6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,\
72,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,52,\
00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,69,00,6f,00,6e,00,20,00,50,00,\
6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,\
00,61,00,72,00,65,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,\
74,00,69,00,6f,00,6e,00,00,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,\
00,43,00,65,00,6e,00,74,00,65,00,72,00,00,00,53,00,63,00,6c,00,67,00,4e,00,\
74,00,66,00,79,00,00,00,53,00,63,00,65,00,53,00,72,00,76,00,00,00,53,00,63,\
00,65,00,43,00,6c,00,69,00,00,00,73,00,61,00,66,00,72,00,73,00,6c,00,76,00,\
00,00,53,00,41,00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,50,00,43,00,00,\
00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,69,00,73,00,\
74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,\
00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,\
66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,\
00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,\
44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,\
00,00,00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,\
65,00,73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,\
00,61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,\
65,00,63,00,6b,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,\
00,45,00,52,00,2f,00,4d,00,53,00,44,00,45,00,00,00,4d,00,73,00,69,00,49,00,\
6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,\
00,43,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,\
54,00,43,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,00,00,00,4d,00,69,\
00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,2e,00,33,00,32,00,\
33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,00,79,00,20,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,76,00,69,00,\
64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,\
00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,00,61,00,6c,00,20,00,\
43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,6f,00,6d,00,70,00,69,\
00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,00,66,00,\
00,00,4a,00,61,00,76,00,61,00,51,00,75,00,69,00,63,00,6b,00,53,00,74,00,61,\
00,72,00,74,00,65,00,72,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,\
48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,00,6c,00,64,00,65,\
00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,\
6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,00,6c,00,6f,00,79,\
00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,\
73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,54,00,00,00,45,00,41,\
00,50,00,4f,00,4c,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,\
00,00,44,00,69,00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,63,00,72,\
00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,00,4d,00,2b,00,00,00,43,00,\
4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,\
00,41,00,56,00,47,00,37,00,00,00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,\
6f,00,6c,00,6c,00,6d,00,65,00,6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,\
00,68,00,6b,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,32,00,\
2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,2e,00,30,00,00,00,41,00,53,\
00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,33,00,\
32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,\
00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,\
00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,69,00,\
63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,00,00,\
00,61,00,70,00,70,00,68,00,65,00,6c,00,70,00,00,00,2e,00,4e,00,45,00,54,00,\
20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,20,00,4f,00,70,00,74,00,69,\
00,6d,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,20,00,53,00,65,00,72,00,\
76,00,69,00,63,00,65,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,\
00,74,00,69,00,6d,00,65,00,20,00,32,00,2e,00,30,00,20,00,45,00,72,00,72,00,\
6f,00,72,00,20,00,52,00,65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,00,\
00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,\
00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,\
00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\AVG7]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
; Contents of value:
;
"AVG"=hex:01,00,00,00,02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000]
"Service"="Avg7RsW"
"DeviceDesc"="AVG7 Wrap Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGCLEAN]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WMI.NET Provider Extension
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WgaSetup
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; UploadM
; TrueVector Service
; Tlntsvr
; System.ServiceModel.Install 3.0.0.0
; System.ServiceModel 3.0.0.0
; System.Runtime.Serialization 3.0.0.0
; System.IO.Log 3.0.0.0
; System.IdentityModel 3.0.0.0
; SysmonLog
; Spybot - Search & Destroy 2
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SNL HiveManager
; ServiceModel Audit 3.0.0.0
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MSSHA
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft.Transactions.Bridge 3.0.0.0
; Microsoft H.323 Telephony Service Provider
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; JavaQuickStarterService
; HotFixInstaller
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; EAPOL
; DrWatson
; Dot3Svc
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; CardSpace 3.0.0.0
; AVG7
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; apphelp
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,4d,00,49,00,2e,00,4e,00,45,00,54,00,20,\
00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,73,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,\
00,53,00,4e,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,\
69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,\
63,00,74,00,69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,\
00,64,00,6f,00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,\
72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,67,00,61,00,53,00,65,00,74,\
00,75,00,70,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,\
00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,\
73,00,65,00,72,00,65,00,6e,00,76,00,00,00,55,00,70,00,6c,00,6f,00,61,00,64,\
00,4d,00,00,00,54,00,72,00,75,00,65,00,56,00,65,00,63,00,74,00,6f,00,72,00,\
20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,6c,00,6e,00,74,\
00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,53,00,\
65,00,72,00,76,00,69,00,63,00,65,00,4d,00,6f,00,64,00,65,00,6c,00,2e,00,49,\
00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,33,00,2e,00,30,00,2e,00,30,00,\
2e,00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,4d,00,6f,00,64,00,65,00,6c,00,20,00,33,00,2e,00,\
30,00,2e,00,30,00,2e,00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,\
00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,2e,00,53,00,65,00,72,00,69,00,\
61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,20,00,33,00,2e,00,30,\
00,2e,00,30,00,2e,00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,\
49,00,4f,00,2e,00,4c,00,6f,00,67,00,20,00,33,00,2e,00,30,00,2e,00,30,00,2e,\
00,30,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,2e,00,49,00,64,00,65,00,\
6e,00,74,00,69,00,74,00,79,00,4d,00,6f,00,64,00,65,00,6c,00,20,00,33,00,2e,\
00,30,00,2e,00,30,00,2e,00,30,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,\
4c,00,6f,00,67,00,00,00,53,00,70,00,79,00,62,00,6f,00,74,00,20,00,2d,00,20,\
00,53,00,65,00,61,00,72,00,63,00,68,00,20,00,26,00,20,00,44,00,65,00,73,00,\
74,00,72,00,6f,00,79,00,20,00,32,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,\
00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,\
72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,69,00,6f,\
00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,00,00,53,00,\
6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,00,73,00,74,00,61,\
00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,4e,00,4c,00,20,00,\
48,00,69,00,76,00,65,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,4d,00,6f,00,64,00,65,00,6c,00,20,00,\
41,00,75,00,64,00,69,00,74,00,20,00,33,00,2e,00,30,00,2e,00,30,00,2e,00,30,\
00,00,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,\
74,00,65,00,72,00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,\
00,53,00,63,00,65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,\
69,00,00,00,73,00,61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,00,46,\
00,72,00,64,00,6d,00,73,00,00,00,52,00,50,00,43,00,00,00,52,00,65,00,6d,00,\
6f,00,74,00,65,00,20,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,00,63,\
00,65,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,00,00,00,50,00,\
65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,4e,00,65,00,74,\
00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,00,65,00,72,00,\
66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,69,00,73,00,6b,\
00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,00,4f,00,66,00,\
66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,4f,\
00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,6b,00,\
75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,00,63,00,6b,00,00,\
00,4d,00,53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,\
4d,00,53,00,44,00,45,00,00,00,4d,00,53,00,53,00,48,00,41,00,00,00,4d,00,73,\
00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,4d,00,\
53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4d,\
00,53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,00,\
00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,54,00,72,\
00,61,00,6e,00,73,00,61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,2e,00,42,00,\
72,00,69,00,64,00,67,00,65,00,20,00,33,00,2e,00,30,00,2e,00,30,00,2e,00,30,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,\
2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,\
00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,\
6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\
00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,00,\
61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,6f,\
00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,00,\
65,00,72,00,66,00,00,00,4a,00,61,00,76,00,61,00,51,00,75,00,69,00,63,00,6b,\
00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,53,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00,48,00,6f,00,74,00,46,00,69,00,78,00,49,00,6e,00,73,00,74,\
00,61,00,6c,00,6c,00,65,00,72,00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,\
63,00,00,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,\
00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,\
20,00,44,00,65,00,70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,\
00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,\
53,00,45,00,4e,00,54,00,00,00,45,00,41,00,50,00,4f,00,4c,00,00,00,44,00,72,\
00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,6f,00,74,00,33,00,53,00,\
76,00,63,00,00,00,44,00,69,00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,\
00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,00,4d,00,2b,00,\
00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,\
00,6b,00,00,00,43,00,61,00,72,00,64,00,53,00,70,00,61,00,63,00,65,00,20,00,\
33,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,41,00,56,00,47,00,37,00,00,\
00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,\
6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,53,\
00,50,00,2e,00,4e,00,45,00,54,00,20,00,32,00,2e,00,30,00,2e,00,35,00,30,00,\
37,00,32,00,37,00,2e,00,30,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,\
00,20,00,31,00,2e,00,31,00,2e,00,34,00,33,00,32,00,32,00,2e,00,30,00,00,00,\
41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,4d,\
00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,41,00,70,00,\
70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,48,00,61,00,6e,\
00,67,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,\
6e,00,20,00,45,00,72,00,72,00,6f,00,72,00,00,00,61,00,70,00,70,00,68,00,65,\
00,6c,00,70,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,20,00,4f,00,70,00,74,00,69,00,6d,00,69,00,7a,00,61,00,74,\
00,69,00,6f,00,6e,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,\
2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,20,\
00,32,00,2e,00,30,00,20,00,45,00,72,00,72,00,6f,00,72,00,20,00,52,00,65,00,\
70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,00,00,2e,00,4e,00,45,00,54,00,20,\
00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,41,00,70,00,70,00,6c,00,\
69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVG7]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com\www]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com\www]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org\www]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com\www]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cButtonsExternal]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cButtonsInternal]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cPalettes]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cPalettes\c0]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c0]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c1]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c10]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c11]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c12]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c13]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c14]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c15]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c16]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c17]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c18]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c2]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c3]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c4]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c5]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c6]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c7]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c8]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cToolbars\c9]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Search Assistant\ACMru\5604]
"000"="avg"
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirový systém AVG 7.0]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirový systém AVG 7.5]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count]
; Contents of value:
;
"HRZR_EHACVQY:%pf\
vqy6%\\bopubql\\Iýcebqrw fxynqh cbčígnčů n zbavgbeů i Cenmr !!!.hey"=hex:0b\
,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00
; Contents of value:
; f
"HRZR_EHACVQY:%pf\
vqy6%\\sbgb\\bopubql\\NNEBA-qvtvgáyaí sbgbncneágl,abgrobbxl,ivqrbxnzrel,YPQ\
zbavgbel.hey"=hex:66,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count]
; Contents of value:
; L
"HRZR_EHACVQY:%pf\
vqy2%\\Pbqrznfgref\\Bcrengvba Synfucbvag\\Bqfgenavg Bcrenpv Synfucbvag.yax"\
=hex:4c,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00
; Contents of value:
; _ đyT‚ÍĆ
"HRZR_EHAPCY:ahfezte.pcy ,vavgvnyGnfx=PunatrCvpgher"=hex:5f,01,00,00,06,00,00,\
00,f0,79,54,82,06,cd,c6,01
; Contents of value:
; š
"HRZR_EHACVQY:%pf\
vqy2%\\Qvfarl Vagrenpgvir Fghqvbf\\Cvengrf bs gur Pnevoorna - Ng Jbeyqf Raq\
\\Bqfgenavg ueh Cveágv m Xnevovxh - An xbapv fiěgn.yax"=hex:9a,02,00,00,02,\
00,00,00,00,00,00,00,00,00,00,00
; Contents of value:
; ţ
"HRZR_EHACVQY:P:\\
\Qbphzragf naq Frggvatf\\Abiáxbiv\\Erprag\\Ilzěavgryaý qvfx (W).yax"=hex:fe\
,02,00,00,02,00,00,00,00,00,00,00,00,00,00,00
; Contents of value:
; Ő
"HRZR_EHACVQY:P:\\
\Qbphzragf naq Frggvatf\\Abiáxbiv\\Erprag\\Theh wbfu cebwrpg - vasvavgl 200\
8[zc3.gryrqlfxv.vasb].yax"=hex:d5,04,00,00,00,00,00,00,00,00,00,00,00,00,00\
,00
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com\www]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com\www]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org\www]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com\www]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com\www]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com\www]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org\www]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com\www]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
; End Of The Log...
Prosím o kontrolu logu Vyřešeno
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad
a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgDiagFile]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList]
"AVG"=-
Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory ,
najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání
hodnoty do registru. Schval.
a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgDiagFile]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList]
"AVG"=-
Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory ,
najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání
hodnoty do registru. Schval.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Zkus potom na odstranění AVG:
http://www.avg.com/filedir/util/avg_arm ... emover.exe
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
http://www.avg.com/filedir/util/avg_arm ... emover.exe
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
C:\wj2jaeh0.sys
C:\wj2jaezn.sys
c:\windows\nsreg.dat
Folder::
c:\windows\SxsCaPendDel
DirLook::
c:\program files\dbQwikSite 5
Registry::
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
Tak tady je log z Combofixu:
ComboFix 09-08-26.05 - Novákovi 26.08.2009 21:37.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.292 [GMT 2:00]
Spuštěný z: c:\documents and settings\Novákovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Novákovi\Plocha\CFScript.txt
AV: Antivirový systém AVG 7.1.384 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: avast! antivirus 4.8.1296 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\nsreg.dat"
"C:\wj2jaeh0.sys"
"C:\wj2jaezn.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\nsreg.dat
c:\windows\SxsCaPendDel
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-26 do 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-08-24 19:19 . 2009-08-24 19:19 -------- d-----w- c:\program files\Trend Micro
2009-08-24 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 19:01 . 2009-08-24 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 20:31 . 2009-08-21 20:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\MSBuild
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 20:29 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 20:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 20:29 . 2009-08-21 20:30 -------- dc----w- C:\a214e46986fc2621588cc5
2009-08-17 19:15 . 2009-08-17 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-16 19:39 . 2009-08-16 19:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-13 20:26 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-13 20:26 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-13 20:26 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-13 20:26 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-13 20:26 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-13 20:26 . 2009-07-19 16:46 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-13 20:26 . 2009-08-13 20:26 -------- d-----w- c:\windows\ie8updates
2009-08-13 20:25 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-13 20:23 . 2009-08-13 20:25 -------- dc-h--w- c:\windows\ie8
2009-08-12 19:18 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 08:09 . 2009-08-26 08:09 25601 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_49_26_small.dmp.zip
2009-08-26 08:09 . 2009-08-26 08:09 24262 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_48_13_small.dmp.zip
2009-08-25 18:46 . 2008-01-03 14:28 -------- d-----w- c:\program files\ICQToolbar
2009-08-21 20:37 . 2001-10-25 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-21 20:37 . 2001-10-25 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-08 08:55 . 2005-10-14 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 07:39 . 2008-08-23 16:10 -------- d-----w- c:\program files\GRETECH
2009-08-08 07:09 . 2007-01-22 20:18 -------- d-----w- c:\program files\BitLord
2009-08-08 07:09 . 2007-02-17 20:23 -------- d-----w- c:\program files\Valve
2009-08-08 07:07 . 2005-11-24 20:22 -------- d-----w- c:\program files\Google
2009-08-08 07:06 . 2009-02-28 15:55 -------- d-----w- c:\program files\Warcraft III
2009-08-08 07:04 . 2008-01-15 17:38 -------- d-----w- c:\program files\Nokia
2009-08-08 07:02 . 2005-10-09 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 07:02 . 2009-02-28 22:14 -------- d-----w- c:\program files\Garena
2009-08-05 09:01 . 2001-10-25 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 19:50 . 2009-07-14 18:18 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 18:20 . 2008-01-03 14:26 -------- d-----w- c:\program files\ICQ6
2009-07-13 21:43 . 2005-10-09 09:04 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2001-10-25 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2001-10-25 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2001-10-25 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-10-09 08:30 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2001-10-25 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2001-10-25 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2008-02-29 19:23 . 2008-02-29 19:22 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2005-01-21 12:11 . 2007-03-20 13:43 215 ----a-w- c:\program files\ctimne.txt
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\dbQwikSite 5 ----
((((((((((((((((((((((((((((( SnapShot@2009-08-25_19.15.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-26 15:34 . 2009-08-26 15:34 16384 c:\windows\Temp\Perflib_Perfdata_278.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-17 980752]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-15 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.3.2009 22:14 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.8.2008 14:41 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2008 14:41 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [26.11.2005 17:03 2368]
S2 gupdate1c999e3305db6e6;Google Update Service (gupdate1c999e3305db6e6);c:\program files\Google\Update\GoogleUpdate.exe [28.2.2009 22:23 133104]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [19.10.2006 13:11 10664]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [9.10.2005 12:41 159104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:16]
2006-01-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8129386926.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-26 c:\windows\Tasks\User_Feed_Synchronization-{4ACBF038-D2E7-45F3-8F9D-E441912F0ACB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {8A0F5456-5523-4CE8-8FA7-C7B81BDF9841} = 84.21.124.1,84.16.96.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 21:47
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-08-26 21:56
ComboFix-quarantined-files.txt 2009-08-26 19:55
ComboFix2.txt 2009-08-26 10:56
ComboFix3.txt 2009-08-25 19:23
Před spuštěním: Volných bajtů: 28 143 800 320
Po spuštění: Volných bajtů: 28 116 746 240
187 --- E O F --- 2009-08-25 21:36
a tady log z HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:00, on 26.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD LT 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0F5456-5523-4CE8-8FA7-C7B81BDF9841}: NameServer = 84.21.124.1,84.16.96.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c999e3305db6e6) (gupdate1c999e3305db6e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8914 bytes
ComboFix 09-08-26.05 - Novákovi 26.08.2009 21:37.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.292 [GMT 2:00]
Spuštěný z: c:\documents and settings\Novákovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Novákovi\Plocha\CFScript.txt
AV: Antivirový systém AVG 7.1.384 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: avast! antivirus 4.8.1296 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\nsreg.dat"
"C:\wj2jaeh0.sys"
"C:\wj2jaezn.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\nsreg.dat
c:\windows\SxsCaPendDel
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-26 do 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-08-24 19:19 . 2009-08-24 19:19 -------- d-----w- c:\program files\Trend Micro
2009-08-24 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 19:01 . 2009-08-24 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 20:31 . 2009-08-21 20:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\MSBuild
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 20:29 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 20:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 20:29 . 2009-08-21 20:30 -------- dc----w- C:\a214e46986fc2621588cc5
2009-08-17 19:15 . 2009-08-17 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-16 19:39 . 2009-08-16 19:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-13 20:26 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-13 20:26 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-13 20:26 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-13 20:26 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-13 20:26 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-13 20:26 . 2009-07-19 16:46 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-13 20:26 . 2009-08-13 20:26 -------- d-----w- c:\windows\ie8updates
2009-08-13 20:25 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-13 20:23 . 2009-08-13 20:25 -------- dc-h--w- c:\windows\ie8
2009-08-12 19:18 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 08:09 . 2009-08-26 08:09 25601 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_49_26_small.dmp.zip
2009-08-26 08:09 . 2009-08-26 08:09 24262 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_48_13_small.dmp.zip
2009-08-25 18:46 . 2008-01-03 14:28 -------- d-----w- c:\program files\ICQToolbar
2009-08-21 20:37 . 2001-10-25 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-21 20:37 . 2001-10-25 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-08 08:55 . 2005-10-14 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 07:39 . 2008-08-23 16:10 -------- d-----w- c:\program files\GRETECH
2009-08-08 07:09 . 2007-01-22 20:18 -------- d-----w- c:\program files\BitLord
2009-08-08 07:09 . 2007-02-17 20:23 -------- d-----w- c:\program files\Valve
2009-08-08 07:07 . 2005-11-24 20:22 -------- d-----w- c:\program files\Google
2009-08-08 07:06 . 2009-02-28 15:55 -------- d-----w- c:\program files\Warcraft III
2009-08-08 07:04 . 2008-01-15 17:38 -------- d-----w- c:\program files\Nokia
2009-08-08 07:02 . 2005-10-09 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 07:02 . 2009-02-28 22:14 -------- d-----w- c:\program files\Garena
2009-08-05 09:01 . 2001-10-25 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 19:50 . 2009-07-14 18:18 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 18:20 . 2008-01-03 14:26 -------- d-----w- c:\program files\ICQ6
2009-07-13 21:43 . 2005-10-09 09:04 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2001-10-25 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2001-10-25 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2001-10-25 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-10-09 08:30 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2001-10-25 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2001-10-25 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2008-02-29 19:23 . 2008-02-29 19:22 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2005-01-21 12:11 . 2007-03-20 13:43 215 ----a-w- c:\program files\ctimne.txt
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\dbQwikSite 5 ----
((((((((((((((((((((((((((((( SnapShot@2009-08-25_19.15.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-26 15:34 . 2009-08-26 15:34 16384 c:\windows\Temp\Perflib_Perfdata_278.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-17 980752]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-15 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.3.2009 22:14 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.8.2008 14:41 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2008 14:41 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [26.11.2005 17:03 2368]
S2 gupdate1c999e3305db6e6;Google Update Service (gupdate1c999e3305db6e6);c:\program files\Google\Update\GoogleUpdate.exe [28.2.2009 22:23 133104]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [19.10.2006 13:11 10664]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [9.10.2005 12:41 159104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:16]
2006-01-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8129386926.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-26 c:\windows\Tasks\User_Feed_Synchronization-{4ACBF038-D2E7-45F3-8F9D-E441912F0ACB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {8A0F5456-5523-4CE8-8FA7-C7B81BDF9841} = 84.21.124.1,84.16.96.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 21:47
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-08-26 21:56
ComboFix-quarantined-files.txt 2009-08-26 19:55
ComboFix2.txt 2009-08-26 10:56
ComboFix3.txt 2009-08-25 19:23
Před spuštěním: Volných bajtů: 28 143 800 320
Po spuštění: Volných bajtů: 28 116 746 240
187 --- E O F --- 2009-08-25 21:36
a tady log z HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:00, on 26.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD LT 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0F5456-5523-4CE8-8FA7-C7B81BDF9841}: NameServer = 84.21.124.1,84.16.96.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c999e3305db6e6) (gupdate1c999e3305db6e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8914 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Manuálně smaž:
c:\program files\dbQwikSite 5
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , fajfku.
c:\program files\dbQwikSite 5
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu Vyřešeno
Soubor dbQwickSite 5 jsem vůbec nenašel.
Chování PC se podstatně zlepšilo, nicméně při startu se stále oběvuje hláška (viz.předchozí strana):
C:\windows\system32\YONELABS\vsmon.exe
Validation failed for C:\windows\system32\VSINIT.dll. Your probablz are missing a necessary root certificate.
Je to něco co se dá vyřešit tady?
Chování PC se podstatně zlepšilo, nicméně při startu se stále oběvuje hláška (viz.předchozí strana):
C:\windows\system32\YONELABS\vsmon.exe
Validation failed for C:\windows\system32\VSINIT.dll. Your probablz are missing a necessary root certificate.
Je to něco co se dá vyřešit tady?
Kdo je online
Uživatelé prohlížející si toto fórum: DotNetDotCom.org [Bot] a 124 hostů