Problem so Security tool, desifrovanie logu

Zpráva

mirto · #1 Příspěvek od **mirto** » 13 led 2010 18:15

Zdravim, dnes sa mi do compu dostal security tool ani neviem jak a zneprijemnuje mi zivot

Docital som sa tu, ze to je nieco ako virus. Teraz fungujem na nudzovom rezime, vytvoril som aj log cez RSIT, prosim vas o pomoc s vytvorenim scriptu, ak to bude mozne

Logfile of random's system information tool 1.06 (written by random/random)
Run by Miro at 2010-01-13 16:58:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 93 GB (46%) free of 200 GB
Total RAM: 2047 MB (87% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-08 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2009-12-19 489472]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-25 13680640]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"DRam prosessor"=C:\WINDOWS\system32\ishi.exe [2008-04-14 261632]
"18248427"=C:\DOCUME~1\ALLUSE~1\APPLIC~1\18248427\18248427.exe [2010-01-13 1121851]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-26 39408]
"restor32a"=C:\Documents and Settings\Miro\restor32a.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Miro"=C:\Documents and Settings\Miro\Miro.exe [2009-12-14 31744]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2009-12-19 489472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll [2009-12-31 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxop81]
C:\WINDOWS\system32\xxop81.dll [2010-01-11 4624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11131352-d906-11de-86c8-0019dbb67c1b}]
shell\AutoRun\command - K:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
shell\open\command - K:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d90d196-b7dd-11de-8669-0019dbb67c1b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL HOME.eXe

======List of files/folders created in the last 1 months======

2010-01-13 16:56:21 ----D---- C:\WINDOWS\CSC
2010-01-13 16:56:13 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-13 16:04:06 ----D---- C:\Program Files\trend micro
2010-01-13 16:03:10 ----D---- C:\rsit
2010-01-13 15:22:52 ----D---- C:\32788R22FWJFW
2010-01-13 13:52:40 ----A---- C:\WINDOWS\system32\def.txt
2010-01-13 13:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\18248427
2010-01-11 16:01:35 ----A---- C:\WINDOWS\system32\xxop81.dll
2010-01-06 22:24:00 ----D---- C:\Documents and Settings\Miro\Application Data\Winamp
2010-01-06 16:16:57 ----D---- C:\WINDOWS\RegisteredPackages
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-01-06 16:16:23 ----N---- C:\WINDOWS\system32\px.dll
2010-01-06 16:16:21 ----D---- C:\Program Files\Winamp
2010-01-06 15:48:54 ----D---- C:\Program Files\MP3 Cutter
2010-01-06 15:48:54 ----A---- C:\WINDOWS\system32\win32.dll
2010-01-06 15:48:54 ----A---- C:\WINDOWS\system32\sql.dll
2010-01-01 21:06:21 ----D---- C:\Documents and Settings\Miro\Application Data\GanymedeNet
2010-01-01 21:05:40 ----D---- C:\Program Files\Ganymede
2009-12-29 01:21:13 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-12-28 16:10:44 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2009-12-26 11:44:37 ----SHD---- C:\WINDOWS\system32\lowsec
2009-12-24 11:31:14 ----D---- C:\Program Files\123 DVD Clone
2009-12-24 11:17:10 ----D---- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2009-12-24 11:16:28 ----D---- C:\Program Files\CDBurnerXP
2009-12-23 17:04:14 ----D---- C:\Program Files\Common Files\DirectX
2009-12-20 10:28:53 ----D---- C:\Program Files\Free YouTube Downloader Converter
2009-12-20 10:26:20 ----D---- C:\Program Files\YouTube Downloader
2009-12-19 10:34:37 ----A---- C:\WINDOWS\system32\qtplugin.exe
2009-12-15 13:45:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-15 13:45:19 ----D---- C:\Program Files\Common Files\Adobe
2009-12-15 13:45:19 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 1 months======

2010-01-13 16:56:21 ----D---- C:\WINDOWS
2010-01-13 16:53:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-13 16:48:19 ----D---- C:\WINDOWS\Temp
2010-01-13 16:48:17 ----D---- C:\Program Files\Mozilla Firefox
2010-01-13 16:04:06 ----RD---- C:\Program Files
2010-01-13 16:02:39 ----D---- C:\WINDOWS\Prefetch
2010-01-13 13:52:40 ----D---- C:\WINDOWS\system32
2010-01-13 03:55:47 ----A---- C:\WINDOWS\system32\tdlcmd.dll
2010-01-09 22:01:38 ----HD---- C:\WINDOWS\inf
2010-01-09 22:01:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 22:16:51 ----D---- C:\Program Files\BitComet
2010-01-06 16:23:28 ----D---- C:\WINDOWS\security
2010-01-06 16:17:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-06 16:17:28 ----D---- C:\Program Files\Windows Media Player
2010-01-06 16:17:26 ----D---- C:\WINDOWS\system32\drivers
2010-01-05 17:21:08 ----D---- C:\Documents and Settings\Miro\Application Data\ICQ
2010-01-05 15:18:26 ----D---- C:\Downloads
2009-12-29 01:21:18 ----HD---- C:\Config.Msi
2009-12-29 01:21:17 ----SHD---- C:\WINDOWS\Installer
2009-12-28 23:54:33 ----D---- C:\Program Files\ICQ6.5
2009-12-28 14:47:16 ----D---- C:\Game
2009-12-25 06:47:00 ----SD---- C:\WINDOWS\Tasks
2009-12-24 10:28:26 ----A---- C:\WINDOWS\win.ini
2009-12-23 17:04:14 ----D---- C:\Program Files\Common Files
2009-12-22 14:04:43 ----D---- C:\Program Files\Google
2009-12-19 00:33:04 ----D---- C:\Documents and Settings\Miro\Application Data\Adobe
2009-12-18 14:32:00 ----A---- C:\WINDOWS\ODBC.INI
2009-12-15 13:33:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-14 21:21:06 ----SD---- C:\Documents and Settings\Miro\Application Data\Microsoft
2009-12-14 16:48:11 ----D---- C:\WINDOWS\system32\config
2009-12-14 06:45:54 ----D---- C:\WINDOWS\twain_32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 jvnypnoj;jvnypnoj; \??\C:\Program Files\Common Files\Microsoft Shared\jvnypnoj.dll []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 83344]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NTACCESS;NTACCESS; \??\I:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-12-25 6301344]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\I:\NTGLM7X.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe; C:\Program Files\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart []
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-08 133104]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2009-10-26 14336]
S2 ICF;ICF; C:\WINDOWS\system32\svchost.exe [2009-10-26 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-22 153376]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-10-26 14336]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-12-25 163908]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-10-26 14336]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-26 66872]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-10-26 107832]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-26 182768]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2009-10-26 14336]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

pitimir · #2 Příspěvek od **pitimir** » 13 led 2010 19:39

Ahoj, vitaj na fore

Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.

mirto · #3 Příspěvek od **mirto** » 13 led 2010 19:55

dakujem za privitanie, tu su vysledky

DDS:

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Miro at 19:45:58,48 on st 13. 01. 2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1665 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Miro\My Documents\Preberanie\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.icq.com/password
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=\\.\globalroot\systemroot\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [restor32a] c:\documents and settings\miro\restor32a.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Miro] c:\documents and settings\miro\Miro.exe
uRun: [RegistryMonitor1] "c:\windows\system32\qtplugin.exe"
mRun: [RegistryMonitor1] c:\windows\system32\qtplugin.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DRam prosessor] ishi.exe
mRun: [18248427] c:\docume~1\alluse~1\applic~1\18248427\18248427.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunServices: [DRam prosessor] ishi.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [RegistryMonitor1] "c:\windows\temp\xodt.tmp"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: cbssreg - c:\documents and settings\all users\documents\settings\cbss.dll
Notify: xxop81 - xxop81.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\miro\applic~1\mozilla\firefox\profiles\y9bwhm8r.default\
FF - component: c:\documents and settings\miro\application data\mozilla\firefox\profiles\y9bwhm8r.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");

============= SERVICES / DRIVERS ===============

R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-8-29 69120]
S2 FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;c:\program files\ubisoft\far cry 2\bin\fah.exe -svcstart --> c:\program files\ubisoft\far cry 2\bin\FAH.exe -svcstart [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-8 133104]
S2 ICF;ICF;c:\windows\system32\svchost.exe:exe.exe []
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2009-10-16 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2009-10-16 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2009-10-16 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2009-10-16 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2009-10-16 83344]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-01-13 16:44:13 0 d-----w- c:\docume~1\miro\applic~1\Malwarebytes
2010-01-13 16:44:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 16:44:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 16:44:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 16:44:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-13 15:04:06 0 d-----w- c:\program files\trend micro
2010-01-13 12:43:07 0 d-----w- c:\docume~1\alluse~1\applic~1\18248427
2010-01-11 15:01:35 4624 ----a-w- c:\windows\system32\xxop81.dll
2010-01-06 14:48:55 618496 ----a-w- c:\windows\system32\MSSTTFTTM.ocx
2010-01-06 14:48:55 609584 ----a-w- c:\windows\system32\comctl32.ocx
2010-01-06 14:48:55 209192 ----a-w- c:\windows\system32\tabctl32.ocx
2010-01-06 14:48:55 118064 ----a-w- c:\windows\system32\MSADODC.ocx
2010-01-06 14:48:54 98304 ----a-w- c:\windows\system32\Msdxm11.ocx
2010-01-06 14:48:54 644400 ----a-w- c:\windows\system32\Mscomct2.ocx
2010-01-06 14:48:54 233472 ----a-w- c:\windows\system32\Msdsn.ocx
2010-01-06 14:48:54 212992 ----a-w- c:\windows\system32\sql.dll
2010-01-06 14:48:54 140096 ----a-w- c:\windows\system32\comdlg32.ocx
2010-01-06 14:48:54 1069056 ----a-w- c:\windows\system32\win32.dll
2010-01-06 14:48:54 0 d-----w- c:\program files\MP3 Cutter
2010-01-04 08:19:33 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-01 20:06:21 0 d-----w- c:\docume~1\miro\applic~1\GanymedeNet
2010-01-01 20:05:40 0 d-----w- c:\program files\Ganymede
2009-12-30 10:11:20 31 ----a-w- C:\Autorun.inf
2009-12-29 00:25:25 56 ---ha-w- c:\docume~1\alluse~1\applic~1\ezsidmv.dat
2009-12-28 15:10:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-12-26 10:44:37 0 d-sh--w- c:\windows\system32\lowsec
2009-12-24 10:31:14 0 d-----w- c:\program files\123 DVD Clone
2009-12-24 10:17:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2009-12-24 10:16:29 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-23 16:04:14 0 d-----w- c:\program files\common files\DirectX
2009-12-20 09:28:53 0 d-----w- c:\program files\Free YouTube Downloader Converter
2009-12-20 09:26:20 0 d-----w- c:\program files\YouTube Downloader
2009-12-19 09:34:37 489472 ----a-w- c:\windows\system32\qtplugin.exe
2009-12-14 20:54:37 31744 --sh--r- c:\documents and settings\miro\Miro.exe

==================== Find3M ====================

2010-01-13 02:55:47 28672 ----a-w- c:\windows\system32\tdlcmd.dll
2009-12-14 05:47:14 140692 ----a-w- c:\windows\hpoins14.dat
2009-11-07 22:49:58 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-10-26 12:53:43 14336 ----a-w- c:\windows\system32\svchost.exe
2009-10-26 10:35:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-26 10:24:44 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-26 10:24:34 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-26 10:24:34 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-22 19:42:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-04-14 03:42:20 261632 --sh--r- c:\windows\system32\ishi.exe

============= FINISH: 19:46:36,87 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 26. 9. 2009 8:21:37
System Uptime: 13. 1. 2010 16:56:07 (3 hours ago)

Motherboard: MSI | | MS-7369
Processor: AMD Athlon(tm) 64 Processor 4000+ | CPU 1 | 2611/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 195 GiB total, 90,554 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 8,85 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0446&SUBSYS_73691462&REV_A1\3&267A616A&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0446&SUBSYS_73691462&REV_A1\3&267A616A&0&09
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

123 DVD Clone
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitComet 1.15
Bonjour
BufferChm
CDBurnerXP
CometBird (3.5.3)
Copy
CTDP Formula One 2006 Patch v1.1
CustomerResearchQFolder
DeepBurner v1.6.0.198
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_NS_LP_DocCD
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DolbyFiles
eSupportQFolder
F2100
F2100_doccd
F2100_Help
Fallout 3
Fraps (remove only)
Free YouTube Downloader Converter
GameDesire-Pool & Snooker
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Zem
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
ICQ6.5
ImagXpress
iTunes
Java(TM) 6 Update 16
K-Lite Codec Pack 5.1.0 (Full)
Logitech Gaming Software
Malwarebytes' Anti-Malware
MarketResearch
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional s aplikací FrontPage
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.7)
MP3 Cutter 1.2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Live
NeroLiveGadget
neroxml
Next Video Converter 2.1.0
NVIDIA Drivers
PowerISO
PSSWCORE
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
rFactor (remove only)
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
ShrinkTo5 GUI
Skype™ 4.1
SolutionCenter
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Status
Toolbox
TrayApp
Tv Style Beta 0.9
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VideoToolkit01
WebFldrs XP
WebReg
Winamp
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
WinX Video Converter 4.1.1
World of Warcraft

==== End Of File ===========================

pitimir · #4 Příspěvek od **pitimir** » 13 led 2010 20:03

Sehr schon

Mas tam toho viac, nez som cakal...to mam rad

Stiahni ComboFix - NESPUSTAT.

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
DDS::
uInternet Connection Wizard,ShellNext = hxxp://www.icq.com/password
mWinlogon: Userinit=\\.\globalroot\systemroot\system32\userinit.exe,c:\windows\system32\sdra64.exe,
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [restor32a] c:\documents and settings\miro\restor32a.exe
uRun: [Miro] c:\documents and settings\miro\Miro.exe
uRun: [RegistryMonitor1] "c:\windows\system32\qtplugin.exe"
mRun: [RegistryMonitor1] c:\windows\system32\qtplugin.exe
mRun: [WinampAgent]
mRun: [DRam prosessor] ishi.exe
mRun: [18248427] c:\docume~1\alluse~1\applic~1\18248427\18248427.exe
mRunServices: [DRam prosessor] ishi.exe
dRun: [RegistryMonitor1] "c:\windows\temp\xodt.tmp"
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: cbssreg - c:\documents and settings\all users\documents\settings\cbss.dll
Notify: xxop81 - xxop81.dll

Driver::
ICF

Folder::
c:\docume~1\alluse~1\applic~1\18248427

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.

Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

mirto · #5 Příspěvek od **mirto** » 13 led 2010 22:16

Nic to nepomohlo, ziadny novy log. No teraz mam problem dostat sa do nudzoveho rezimu. Ako by sa dal najlahsie odstranit security tool? Teraz som v normalnom rezime a nemozem skoro nic robyt, okrem internetu mi brani pri vsetkych akciach, plocha je prazdna, ostala len spodna lista. Nasiel som miesto, kde sa nachadza C:\Documents and Settings\All Users\Application Data\18248427 ale nejde odstranit, co s tym?

mirto · #6 Příspěvek od **mirto** » 14 led 2010 00:43

Security tool som uz odstranil

Velmi lahky postup som nasiel na http://www.youtube.com/watch?v=9UoV1C4NbfU Este by som chcel vediet pitimir, co tam mam dalsie, ak by si vedel pomoct prosim ta, alebo hocikto kto v tych logoch nieco vydi

Teraz uz mozem v normalnom rezime pracovat, takze to pojde.

Spravil som sken cez mbam:

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3554
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

14. 1. 2010 1:03:39
mbam-log-2010-01-14 (01-03-37).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 140601
Uplynutý cas: 11 minute(s), 42 second(s)

Infikovaných procesov pamäte: 2
Infikovaných modulov pamäte: 2
Infikovaných registracných klúcov: 8
Infikovaných registracných hodnôt: 8
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 1
Infikovaných súborov: 16

Infikovaných procesov pamäte:
C:\Documents and Settings\Miro\Miro.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> No action taken.

Infikovaných modulov pamäte:
C:\WINDOWS\system32\xxop81.dll (Trojan.Goldun) -> No action taken.
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> No action taken.

Infikovaných registracných klúcov:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxop81 (Trojan.Goldun) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> No action taken.

Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\miro (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\dram prosessor (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18248427 (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dram prosessor (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\dram prosessor (Backdoor.Bot) -> No action taken.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Infikovaných priecinkov:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Infikovaných súborov:
C:\Documents and Settings\Miro\Miro.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Common Files\Microsoft Shared\jvnypnoj.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Temp\2.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Mike\Mike.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Juro\Local Settings\Temporary Internet Files\Content.IE5\GTMZKP6Z\volymm[1].htm (Trojan.Backdoor) -> No action taken.
C:\Documents and Settings\Juro\Local Settings\Temporary Internet Files\Content.IE5\GTMZKP6Z\vsgguhlmd[1].htm (Trojan.Backdoor) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\xxop81.dll (Trojan.Goldun) -> No action taken.
C:\Documents and Settings\Miro\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\WINDOWS\system32:svchost.exe (Rootkit.ADS) -> No action taken.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\WINDOWS\system32\svchost.exe:exe.exe (Rootkit.ADS) -> No action taken.
C:\WINDOWS\Prefetch\SVCHOST.EXE (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> No action taken.

pitimir · #7 Příspěvek od **pitimir** » 14 led 2010 13:05

Zmaz nalez MbAMu a vloz novy log z DDS, kapanek pozmenime skript pre CF

mirto · #8 Příspěvek od **mirto** » 14 led 2010 14:00

Vykonane, nalez zmazany. Chces vydiet aj attach.txt? Ak hej, tak to pridam.

DDS:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Miro at 13:52:31,90 on št 14. 01. 2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1685 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Miro\My Documents\Preberanie\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.icq.com/password
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [restor32a] c:\documents and settings\miro\restor32a.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [RegistryMonitor1] "c:\windows\temp\xodt.tmp"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\miro\applic~1\mozilla\firefox\profiles\y9bwhm8r.default\
FF - component: c:\documents and settings\miro\application data\mozilla\firefox\profiles\y9bwhm8r.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");

============= SERVICES / DRIVERS ===============

R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-8-29 69120]
S2 FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;c:\program files\ubisoft\far cry 2\bin\fah.exe -svcstart --> c:\program files\ubisoft\far cry 2\bin\FAH.exe -svcstart [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-8 133104]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2009-10-16 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2009-10-16 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2009-10-16 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2009-10-16 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2009-10-16 83344]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-01-13 23:46:53 98816 ----a-w- c:\windows\sed.exe
2010-01-13 23:46:53 77312 ----a-w- c:\windows\MBR.exe
2010-01-13 23:46:53 261632 ----a-w- c:\windows\PEV.exe
2010-01-13 23:46:53 161792 ----a-w- c:\windows\SWREG.exe
2010-01-13 23:46:28 0 d-s---w- C:\ComboFix
2010-01-13 16:44:13 0 d-----w- c:\docume~1\miro\applic~1\Malwarebytes
2010-01-13 16:44:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 16:44:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 16:44:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 16:44:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-13 15:04:06 0 d-----w- c:\program files\trend micro
2010-01-06 14:48:55 618496 ----a-w- c:\windows\system32\MSSTTFTTM.ocx
2010-01-06 14:48:55 609584 ----a-w- c:\windows\system32\comctl32.ocx
2010-01-06 14:48:55 209192 ----a-w- c:\windows\system32\tabctl32.ocx
2010-01-06 14:48:55 118064 ----a-w- c:\windows\system32\MSADODC.ocx
2010-01-06 14:48:54 98304 ----a-w- c:\windows\system32\Msdxm11.ocx
2010-01-06 14:48:54 644400 ----a-w- c:\windows\system32\Mscomct2.ocx
2010-01-06 14:48:54 233472 ----a-w- c:\windows\system32\Msdsn.ocx
2010-01-06 14:48:54 212992 ----a-w- c:\windows\system32\sql.dll
2010-01-06 14:48:54 140096 ----a-w- c:\windows\system32\comdlg32.ocx
2010-01-06 14:48:54 1069056 ----a-w- c:\windows\system32\win32.dll
2010-01-06 14:48:54 0 d-----w- c:\program files\MP3 Cutter
2010-01-04 08:19:33 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-01 20:06:21 0 d-----w- c:\docume~1\miro\applic~1\GanymedeNet
2010-01-01 20:05:40 0 d-----w- c:\program files\Ganymede
2009-12-30 10:11:20 31 ----a-w- C:\Autorun.inf
2009-12-29 00:25:25 56 ---ha-w- c:\docume~1\alluse~1\applic~1\ezsidmv.dat
2009-12-28 15:10:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-12-24 10:31:14 0 d-----w- c:\program files\123 DVD Clone
2009-12-24 10:17:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2009-12-24 10:16:29 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-23 16:04:14 0 d-----w- c:\program files\common files\DirectX
2009-12-20 09:28:53 0 d-----w- c:\program files\Free YouTube Downloader Converter
2009-12-20 09:26:20 0 d-----w- c:\program files\YouTube Downloader

==================== Find3M ====================

2010-01-14 12:22:48 28672 ----a-w- c:\windows\system32\tdlcmd.dll
2009-12-14 05:47:14 140692 ----a-w- c:\windows\hpoins14.dat
2009-11-07 22:49:58 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-10-26 12:53:43 14336 ----a-w- c:\windows\system32\svchost.exe
2009-10-26 10:35:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-26 10:24:44 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-26 10:24:34 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-26 10:24:34 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-22 19:42:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-04-14 03:42:20 261632 --sh--r- c:\windows\system32\ishi.exe

============= FINISH: 13:53:13,00 ===============

pitimir · #9 Příspěvek od **pitimir** » 14 led 2010 18:26

Toto mi staci

1) Stiahni rkill a spust ho dvojklikom. Program spravi co ma a po scane sa sam ukonci.

Pozor: NERESTARTUJ PC (dolezite) a prejdi k dalsiemu kroku.

2) Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
DDS::
uInternet Connection Wizard,ShellNext = hxxp://www.icq.com/password
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [restor32a] c:\documents and settings\miro\restor32a.exe
mRun: [WinampAgent]
dRun: [RegistryMonitor1] "c:\windows\temp\xodt.tmp"
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

StepDel::

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.

Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

A budem potrebovat aj logy z GMERu, zrejme TDL3...
3) Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a nastavis program podla obrazku:
Obrázek

Klik na "Scan". Po scane klik na "Save" a log c. 2 vloz sem.

Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.

mirto · #10 Příspěvek od **mirto** » 14 led 2010 22:09

Vsetko som spravil ako si napisal. Z GMERu mam len jeden log, pretoze pri spusteni nezacal rychli scan. Mozno som to len ja zle spravil, neviem, ved sam posud.

novy log z CF

ComboFix 10-01-13.04 - Miro . 01. 2010 19:57:31.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1723 [GMT 1:00]
Running from: c:\documents and settings\All Users\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miro\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\program files\ICQ6.5\ICQLRun.exe
C:\autorun.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\tdlcmd.dll
c:\windows\system32\win32.dll
c:\windows\temp\xodt.tmp

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF

((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-13 16:44 . 2010-01-13 16:44 -------- d-----w- c:\documents and settings\Miro\Application Data\Malwarebytes
2010-01-13 16:44 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 16:44 . 2010-01-13 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 16:44 . 2010-01-13 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 16:44 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 15:04 . 2010-01-13 15:58 -------- d-----w- c:\program files\trend micro
2010-01-13 15:03 . 2010-01-13 15:58 -------- d-----w- C:\rsit
2010-01-06 21:24 . 2010-01-06 21:24 -------- d-----w- c:\documents and settings\Miro\Application Data\Winamp
2010-01-06 14:48 . 2010-01-06 14:48 -------- d-----w- c:\program files\MP3 Cutter
2010-01-06 14:48 . 2004-11-14 04:27 212992 ----a-w- c:\windows\system32\sql.dll
2010-01-04 08:19 . 2010-01-13 19:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-01 20:06 . 2010-01-01 20:53 -------- d-----w- c:\documents and settings\Miro\Application Data\GanymedeNet
2010-01-01 20:05 . 2010-01-01 20:05 -------- d-----w- c:\program files\Ganymede
2009-12-29 00:21 . 2009-12-29 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-28 15:10 . 2009-12-28 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-12-24 10:31 . 2009-12-24 10:31 -------- d-----w- c:\program files\123 DVD Clone
2009-12-24 10:17 . 2009-12-24 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-12-24 10:16 . 2009-09-28 19:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-24 10:16 . 2009-12-24 17:51 -------- d-----w- c:\program files\CDBurnerXP
2009-12-23 16:04 . 2009-12-23 16:04 -------- d-----w- c:\program files\Common Files\DirectX
2009-12-20 09:28 . 2009-12-20 10:12 -------- d-----w- c:\program files\Free YouTube Downloader Converter
2009-12-20 09:26 . 2009-12-20 09:26 -------- d-----w- c:\program files\YouTube Downloader
2009-12-18 23:33 . 2009-12-18 23:33 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 19:02 . 2009-09-28 18:22 -------- d-----w- c:\program files\ICQ6.5
2010-01-06 21:16 . 2009-10-08 07:44 -------- d-----w- c:\program files\BitComet
2010-01-06 15:17 . 2010-01-06 15:16 -------- d-----w- c:\program files\Winamp
2010-01-05 16:21 . 2009-10-06 12:46 -------- d-----w- c:\documents and settings\Miro\Application Data\ICQ
2009-12-29 00:25 . 2009-12-29 00:25 56 ---ha-w- c:\documents and settings\All Users\Application Data\ezsidmv.dat
2009-12-22 13:04 . 2009-09-26 13:20 -------- d-----w- c:\program files\Google
2009-12-15 12:45 . 2009-12-15 12:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-14 05:47 . 2009-10-15 07:45 140692 ----a-w- c:\windows\hpoins14.dat
2009-12-13 13:37 . 2009-12-13 13:37 -------- d-----w- c:\program files\ShrinkTo5
2009-12-08 21:40 . 2009-09-27 11:06 24736 ----a-w- c:\documents and settings\Miro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-08 20:53 . 2009-09-26 12:41 24736 ----a-w- c:\documents and settings\Peto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-08 17:20 . 2009-10-07 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-08 15:06 . 2009-09-26 20:40 25128 ----a-w- c:\documents and settings\Mammi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-08 13:47 . 2009-12-08 13:47 -------- d-----w- c:\documents and settings\Mammi\Application Data\HPAppData
2009-12-07 16:39 . 2009-12-07 16:39 -------- d-----w- c:\documents and settings\Miro\Application Data\Apple Computer
2009-12-03 20:59 . 2009-12-02 17:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-30 23:03 . 2009-11-30 23:03 79488 ----a-w- c:\documents and settings\Peto\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 11:10 . 2009-11-28 16:27 -------- d-----w- c:\program files\Any Video Converter
2009-11-29 11:09 . 2009-11-24 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-29 11:09 . 2009-11-24 14:58 -------- d-----w- c:\program files\Common Files\Nero
2009-11-29 11:09 . 2009-11-24 14:58 -------- d-----w- c:\program files\Nero
2009-11-28 20:23 . 2009-11-28 20:13 -------- d-----w- c:\documents and settings\Miro\Application Data\DeepBurner
2009-11-28 19:45 . 2009-11-28 19:45 -------- d-----w- c:\program files\Astonsoft
2009-11-28 16:51 . 2009-11-28 16:51 -------- d-----w- c:\program files\Digiarty
2009-11-28 16:35 . 2009-11-28 16:33 -------- d-----w- c:\program files\Next Video Converter
2009-11-26 19:25 . 2009-09-27 14:48 -------- d-----w- c:\program files\rFactor
2009-11-25 12:03 . 2009-11-25 12:03 -------- d-----w- c:\documents and settings\Miro\Application Data\Nero
2009-11-24 17:42 . 2009-11-24 17:42 -------- d-----w- c:\documents and settings\Peto\Application Data\Nero
2009-11-24 15:08 . 2009-11-24 15:08 -------- d-----w- c:\program files\Windows Sidebar
2009-11-07 22:49 . 2009-11-07 22:49 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-10-26 12:53 . 2001-08-23 13:00 14336 ----a-w- c:\windows\system32\svchost.exe
2009-10-26 10:35 . 2009-10-26 10:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-26 10:24 . 2009-10-26 10:24 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-26 10:24 . 2009-10-26 10:24 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-26 10:24 . 2009-10-26 10:24 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-26 10:24 . 2009-10-26 10:24 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-22 19:42 . 2009-10-22 19:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-04-14 03:42 . 2002-08-29 04:41 261632 --sh--r- c:\windows\system32\ishi.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-26 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

S2 FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;c:\program files\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart --> c:\program files\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 10. 2009 8:18 133104]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [16. 10. 2009 15:02 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [16. 10. 2009 15:02 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [16. 10. 2009 15:02 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [16. 10. 2009 15:12 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [16. 10. 2009 15:12 83344]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-08 07:18]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-08 07:18]

2010-01-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-09-27 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Miro\Application Data\Mozilla\Firefox\Profiles\y9bwhm8r.default\
FF - component: c:\documents and settings\Miro\Application Data\Mozilla\Firefox\Profiles\y9bwhm8r.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{7e38c772-ce06-481c-a1b4-be64386b9c2d} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
AddRemove-{940165f0-d368-42be-b729-1459db3bddc9} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 20:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\System32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe]
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-01-14 20:07:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 19:07

Pre-Run: 99 086 983 168 bytes free
Post-Run: 15 adresárov, 99 886 145 536 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer

- - End Of File - - D9E90D6A5114D7D5A17D47D99C1FA76B

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-14 22:00:32
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Miro\LOCALS~1\Temp\kwpyrfod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9708360, 0x35363F, 0xE8000020]
? C:\ComboFix\catchme.sys Systém nemôže nájsť zadanú cestu. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemôže nájsť zadaný súbor. !

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{0789B4E2-F09A-495D-BB48-F106202F2B44}\RP82\A0044123.exe:exe.exe 31744 bytes executable

---- EOF - GMER 1.0.15 ----

pitimir · #11 Příspěvek od **pitimir** » 15 led 2010 17:29

Super. Nastrkaj do PC vsetky USB, flashky atd...

1) Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.

Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

2) Stiahni USBFix. Ukonci vsetky spustene veci a spust program. Vyber jazyk - v pripade anglictiny stlac E -> Enter. Dostanes do dalsieho menu. V nom stlac 2 -> Enter. Zacne sa scan, nezasahuj donho. Mozny je restart PC. Vytvoreny log najdes na "C:\UsbFix.txt", vloz ho sem.

3) Stiahni SystemLook. Uloz na plochu a spust. Do okna skopiruj:

Kód: Vybrat vše

:filefind
es.dll

:regfind
es.dll

Klikni na "Look" a nechaj program dokoncit scan. Po jeho skonceni sa ti zobrazi log, ktory potrebujem vidiet. V pripade problemov sa nachadza aj na ploche.

mirto · #12 Příspěvek od **mirto** » 15 led 2010 19:14

Musim to dat na viac krat, lebo sa to nezmesti do jednej spravy.

############################## | UsbFix V6.073 |

User : Miro (Administrators) # SCUDERIA-ZE8CXV
Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:01:56 | 15. 1. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 Processor 4000+
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled

C:\ -> Lokálny pevný disk # 195,31 Go (92,87 Go free) # NTFS
D:\ -> Lokálny pevný disk # 37,57 Go (14,32 Go free) # NTFS
E:\ -> Vymeniteľný disk
F:\ -> Vymeniteľný disk
G:\ -> Vymeniteľný disk
H:\ -> Vymeniteľný disk
I:\ -> Disk CD-ROM
J:\ -> Vymeniteľný disk # 1,87 Go (1008,5 Mo free) # FAT32

############################## | Active processes |

C:\WINDOWS\System32\smss.exe 696
C:\WINDOWS\system32\csrss.exe 760
C:\WINDOWS\system32\winlogon.exe 784
C:\WINDOWS\system32\services.exe 828
C:\WINDOWS\system32\lsass.exe 840
C:\WINDOWS\system32\svchost.exe 996
C:\WINDOWS\system32\svchost.exe 1076
C:\WINDOWS\System32\svchost.exe 1168
C:\WINDOWS\System32\svchost.exe 1212
C:\WINDOWS\system32\svchost.exe 1368
C:\WINDOWS\system32\logonui.exe 1388
C:\WINDOWS\system32\spoolsv.exe 1536
C:\WINDOWS\Explorer.EXE 1800
C:\WINDOWS\system32\KB905474\wgasetup.exe 1832
C:\WINDOWS\system32\KB905474\wgasetup.exe 1860
C:\WINDOWS\System32\svchost.exe 308
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 340
C:\Program Files\Bonjour\mDNSResponder.exe 528
C:\Program Files\Google\Update\GoogleUpdate.exe 624
C:\WINDOWS\system32\svchost.exe 724
C:\Program Files\Java\jre6\bin\jqs.exe 896
C:\WINDOWS\System32\svchost.exe 1156
C:\Program Files\CDBurnerXP\NMSAccessU.exe 1236
C:\WINDOWS\System32\nvsvc32.exe 1240
C:\WINDOWS\System32\svchost.exe 1704
C:\WINDOWS\system32\PnkBstrA.exe 1720
C:\WINDOWS\system32\PnkBstrB.exe 1732
C:\WINDOWS\System32\svchost.exe 1920
C:\WINDOWS\system32\wdfmgr.exe 2012
C:\WINDOWS\system32\wuauclt.exe 604
C:\WINDOWS\System32\alg.exe 1932
C:\WINDOWS\system32\wbem\wmiprvse.exe 2104
C:\WINDOWS\system32\wscntfy.exe 2144
C:\WINDOWS\system32\msiexec.exe 2152
C:\WINDOWS\system32\msiexec.exe 2172
C:\WINDOWS\system32\MsiExec.exe 2240

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-602162358-682003330-725345543-1006
Deleted ! D:\Recycler\S-1-5-21-1801674531-1450960922-725345543-1003
Deleted ! D:\Recycler\S-1-5-21-1801674531-1450960922-725345543-1004
Deleted ! D:\Recycler\S-1-5-21-1801674531-1450960922-725345543-1005
Deleted ! D:\Recycler\S-1-5-21-1801674531-1450960922-725345543-1006
Deleted ! D:\Recycler\S-1-5-21-2000478354-2077806209-839522115-1003
Deleted ! D:\Recycler\S-1-5-21-2000478354-2077806209-839522115-1004
Deleted ! D:\Recycler\S-1-5-21-2000478354-2077806209-839522115-1005
Deleted ! D:\Recycler\S-1-5-21-2000478354-2077806209-839522115-1006
Deleted ! D:\Recycler\S-1-5-21-2000478354-2077806209-839522115-1007
Deleted ! D:\Recycler\S-1-5-21-602162358-682003330-725345543-1003
Deleted ! D:\Recycler\S-1-5-21-602162358-682003330-725345543-1004
Deleted ! D:\Recycler\S-1-5-21-602162358-682003330-725345543-1006
Deleted ! D:\Recycler\S-1-5-21-602162358-682003330-725345543-1007
Deleted ! J:\comment.htt
Deleted ! J:\winfile.exe
Deleted ! J:\autorun.inf

################## | Registry # Infected Keys |

Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registry # Mountpoints2 |

################## | Listing of the present files |

[26. 09. 2009 07:20|--a------|0] C:\AUTOEXEC.BAT
[26. 09. 2009 07:56|--a------|327] C:\Boot.bak
[14. 01. 2010 19:52|-rahs----|398] C:\boot.ini
[03. 08. 2004 23:00|--a------|260272] C:\cmldr
[15. 01. 2010 18:51|--a------|14312] C:\ComboFix.txt
[26. 09. 2009 07:20|--a------|0] C:\CONFIG.SYS
[26. 09. 2009 07:20|-rahs----|0] C:\IO.SYS
[27. 09. 2009 17:15|--a------|3383] C:\LGSInst.Log
[26. 09. 2009 07:20|-rahs----|0] C:\MSDOS.SYS
[26. 09. 2009 07:46|-rahs----|47564] C:\NTDETECT.COM
[26. 09. 2009 07:46|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[15. 01. 2010 19:04|--a------|4429] C:\UsbFix.txt
[21. 10. 2009 09:24|--a------|10928] C:\¦ivotopis.docx
[15. 12. 2009 14:09|-r-hs----|31744] J:\Mike.exe
[15. 12. 2009 14:09|--a------|162304] J:\antioxidanty, matroç.doc
[15. 12. 2009 15:28|---hs----|72] J:\desktop.ini

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# J:\autorun.inf -> Folder created by UsbFix.

################## | Crack > Keygen > Serial |

################## | Upload |

Please send the file : C:\DOCUME~1\Miro\Desktop\UsbFix_Upload_Me_SCUDERIA-ZE8CXV.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.073 ! |

mirto · #13 Příspěvek od **mirto** » 15 led 2010 19:16

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:08 on 15/01/2010 by Miro (Administrator - Elevation successful)

========== filefind ==========

Searching for "es.dll"
C:\Program Files\Google\Chrome\Application\3.0.195.33\Locales\es.dll --a--- 132080 bytes [23:30 16/11/2009] [23:11 11/11/2009] 3C442FE43D07258322E5C7F7FA0DAFB1
C:\Program Files\Google\Chrome\Application\3.0.195.38\Locales\es.dll --a--- 132592 bytes [10:35 16/12/2009] [23:21 09/12/2009] 56D2209146A1D9C2D800676079A4A4DC
C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll --a--- 253952 bytes [20:23 07/07/2008] [20:23 07/07/2008] F17F6226BDC0CD5F0BEF0DAF84D29BEC
C:\WINDOWS\$NtServicePackUninstall$\es.dll -----c 225280 bytes [06:45 26/09/2009] [04:40 29/08/2002] C9702DDD814C39DC1254CF757C31C6E4
C:\WINDOWS\$NtUninstallKB950974$\es.dll -----c 246272 bytes [01:03 27/09/2009] [03:41 14/04/2008] 19A799805B24990867B00C120D300C3A
C:\WINDOWS\ERDNT\cache\es.dll --a--- 253952 bytes [19:07 14/01/2010] [20:26 07/07/2008] D4991D98F2DB73C60D042F1AEF79EFAE
C:\WINDOWS\ServicePackFiles\i386\es.dll ------ 246272 bytes [06:47 26/09/2009] [03:41 14/04/2008] 19A799805B24990867B00C120D300C3A
C:\WINDOWS\system32\dllcache\es.dll -----c 253952 bytes [20:26 07/07/2008] [20:26 07/07/2008] D4991D98F2DB73C60D042F1AEF79EFAE
C:\WINDOWS\system32\es.dll ------ 253952 bytes [04:40 29/08/2002] [20:26 07/07/2008] D4991D98F2DB73C60D042F1AEF79EFAE

========== regfind ==========

Searching for "es.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\COMRes.dll]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\UNIRES.DLL]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\wab32res.dll]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\wmiapres.dll]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\wmmres.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}\DefaultIcon]
@="C:\Program Files\Sony Ericsson\Mobile2\File Manager\FMRes.dll,-20038"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D2EEBB-B520-4C88-B2E6-C27FB33AC836}\InprocServer32]
@="C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\ACEES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D2EEBB-B520-4C88-B2E6-C27FB33AC836}\InprocServer32]
@="C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\ACEES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c5c43a3-9ce9-4a9b-9699-2ac0cf6cc4bf}]
@="@xpsp2res.dll,-16201"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c5c43a3-9ce9-4a9b-9699-2ac0cf6cc4bf}]
@="@xpsp2res.dll,-16201"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c5c43a3-9ce9-4a9b-9699-2ac0cf6cc4bf}\DefaultIcon]
@="%SystemRoot%\system32\xpsp2res.dll,-2026"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B8F404-A4AE-11D1-B7B6-00C04FB926AF}\InProcServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B8F404-A4AE-11D1-B7B6-00C04FB926AF}\InProcServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7542E960-79C7-11D1-88F9-0080C7D771BF}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7542E960-79C7-11D1-88F9-0080C7D771BF}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\DefaultIcon]
@="c:\WINDOWS\system32\icardres.dll.mui,-4096"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DB7A13C-F208-4981-8353-73CC61AE2783}\DefaultIcon]
@="C:\WINDOWS\System32\xpsp2res.dll,-800"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB944620-79C6-11D1-88F9-0080C7D771BF}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB944620-79C6-11D1-88F9-0080C7D771BF}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDBEC9C0-7A68-11D1-88F9-0080C7D771BF}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDBEC9C0-7A68-11D1-88F9-0080C7D771BF}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}\InprocServer32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978650-5B9F-11D1-8DD2-00AA004ABD5E}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978650-5B9F-11D1-8DD2-00AA004ABD5E}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}\InprocServer32]
@="C:\WINDOWS\System32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C6-7F19-11D2-978E-0000F8757E2A}\InprocServer32]
@="C:\WINDOWS\system32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C6-7F19-11D2-978E-0000F8757E2A}\InprocServer32]
@="C:\WINDOWS\system32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}\InprocServer32]
@="C:\WINDOWS\system32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}\InprocServer32]
@="C:\WINDOWS\system32\ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dcsfile\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,11"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ecsfile\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\fcsfile\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,12"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:|Program Files|Reference Assemblies|Microsoft|Framework|v3.0|System.Workflow.Activities.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:|Program Files|Reference Assemblies|Microsoft|Framework|v3.0|UIAutomationTypes.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:|Program Files|Reference Assemblies|Microsoft|Framework|v3.5|System.Data.Services.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:|Program Files|Reference Assemblies|Microsoft|Framework|v3.5|System.WorkflowServices.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.InformationCard]
"FriendlyTypeName"="@c:\WINDOWS\system32\icardres.dll.mui,-4162"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.InformationCard]
"FriendlyTypeName"="@c:\WINDOWS\system32\icardres.dll.mui,-4162"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.InformationCard]
"FriendlyTypeName"="@c:\WINDOWS\system32\icardres.dll.mui,-4162"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.InformationCard\DefaultIcon]
@="c:\WINDOWS\system32\icardres.dll.mui,-4112"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.InformationCard\Shell\open]
@="@c:\WINDOWS\system32\icardres.dll.mui,-4160"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.WindowsCardSpaceBackup\DefaultIcon]
@="c:\WINDOWS\system32\icardres.dll.mui,-4113"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.WindowsCardSpaceBackup\Shell\open]
@="@c:\WINDOWS\system32\icardres.dll.mui,-4144"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ncsfile\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ODCCUBEFILE\DefaultIcon]
@="C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSORES.DLL,19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ODCDATABASEFILE\DefaultIcon]
@="C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSORES.DLL,20"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ODCNEWFILE\DefaultIcon]
@="C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSORES.DLL,21"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ODCTABLEFILE\DefaultIcon]
@="C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSORES.DLL,18"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tcsfile\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,13"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E14FB90-2E22-11D1-9964-00C04FBBB345}\1.0\0\win32]
@="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EC4FCC12-9CAC-4DEA-A0BE-700CA05076EA}\1.0\0\win32]
@="C:\Program Files\Microsoft Office\Office10\MSTORES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:catalog\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,15"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:catalog-settings\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12471"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:contentclassdef\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-13101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:exchange55startaddress\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12451"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:exchangestartaddress\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12451"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:filestartaddress\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12453"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:management\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,20"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:notesstartaddress\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12456"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:remoteworkspacestartaddress\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12454"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:webstartaddress\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12450"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:wizard/addcontentclass\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-13100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:wizard/addsearchcontentlocation\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12461"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:workspace-settings\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12472"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:workspaceconfiguration\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12476"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\urn:content-classes:workspacestartaddress\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,-12454"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UXDCFILE\DefaultIcon]
@="C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSORES.DLL,-560"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wcsfile\DefaultIcon]
@="C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll,9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Windows.Movie.Maker]
"FriendlyTypeName"="@C:\Program Files\Movie Maker\wmmres.dll,-61804"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Windows.Movie.Maker\DefaultIcon]
@="C:\Program Files\Movie Maker\wmmres.dll,3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Windows.Movie.Maker\Shell\Open]
@="@C:\Program Files\Movie Maker\wmmres.dll,-61805"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB888111WXP\Filelist\6]
"FileName"="HdAudRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB888111WXP\Filelist\6]
"FileName"="HdAudRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB888111WXP\Filelist\6]
"FileName"="HdAudRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB888111WXP\Filelist\6]
"FileName"="HdAudRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB888111WXP\Filelist\6]
"FileName"="HdAudRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\3]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\3]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\3]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\3]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\3]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\7]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\7]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\7]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\7]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB923561\Filelist\7]
"FileName"="xpsp4res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\0]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\0]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\0]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\0]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\0]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\1]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\1]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\1]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\1]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\1]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\2]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\2]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\2]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\2]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist\2]
"FileName"="es.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\18]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\18]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\18]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\18]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\18]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\38]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\38]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\38]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\38]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB954550-v5\Filelist\38]
"FileName"="unires.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0297059B4B28D494496583876A268BB9]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"="c?\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06DBC900CA946154081BAE7B81842928]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"="c?\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0AC2C3E3B66692241A05563BB4273854]
"F65865963B6B0EB4ABB0F894B53E0233"="C:\Program Files\Apple Software Update\SoftwareUpdateFiles.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E62BD2EB48FBD114AC9EE85558D5939]
"D55AEDAA438CBCB4893AB4D8C1814FEE"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServices.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E71C42597A1AB947A6299E7772CBEA0]
"0DC1503A46F231838AD88BCDDC8E8F7C"="c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28D06D9075070F54485E1B43B34B1533]
"0DC1503A46F231838AD88BCDDC8E8F7C"="c?\WINDOWS\system32\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AD98574F47CE1846823708FEB286154]
"79F70AEA8809c7948812F063DBD52C15"="C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbuiRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43D97B78C1F32604D9A2F6053436E476]
"5f59a6fd1cdaa604db6ca27acc1028aa"="C:\Program Files\Nero\Nero 9\Nero Live\PTT\NMTVServices.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B5D31F72BA8F3A44BE0163C84E6B32E]
"39EF43AD5CD50E84CA8C5A83E950BB15"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\520429B8099CFF44D9317E06DB8ADD9E]
"D1A93E0DEEC058D44B2A3EEB99D070E5"="C?\Program Files\HP\Digital Imaging\bin\ES002Res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D1A2F36440368F429B0F03430B76F88]
"26DDC2EC4210AC63483DF9D4FCC5B59D"="c?\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E743E26CA007804580F1F5C5D683E88]
"00002109F100A0C00000000000F01FEC"="C:\Program Files\Common Files\Microsoft Shared\PROOF\3082\MSGR3ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6700AAA706A18C94F81162C6A79EDCA7]
"CDD2E27F8BD309142AD13688D359F57E"="C:\Program Files\HP\Digital Imaging\graphics\hpqd_resources_files.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697F86A010FA2D11E8BC0008F5A48ED3]
"00002109F100A0C00000000000F01FEC"="C:\Program Files\Common Files\Microsoft Shared\PROOF\MSHY3ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B364D5C0D8C7284FB7386C0F7753664]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"="c?\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C1D1B9EC8B9F224FB9A8B24A4FEE426]
"BB1E291B4A89963429176911A7755F64"="C:\Program Files\Sony Ericsson\Mobile2\File Manager\FMRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\758686333E81D39419B91222F230A84C]
"26DDC2EC4210AC63483DF9D4FCC5B59D"="c?\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75B182D1285F51D49B4AC0AF633ACD51]
"5040820900063D11C8EF00054038389C"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PKMRES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\791D415497635214D86DA5065606FE98]
"CDD2E27F8BD309142AD13688D359F57E"="C?\Program Files\HP\Digital Imaging\data\hpqd_default_sticky_preferences.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7EEA57CAE2BDBB545A5BEE53985B18E3]
"9C3B82F298C26024B833A8CD59774CB9"="C?\Program Files\HP\Digital Imaging\bin\SS001Res.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F1BBA53C57121041B28762241C8F009]
"00000000000000000000000000000000"="c?\WINDOWS\system32\mscories.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F1BBA53C57121041B28762241C8F009]
"00000000000000000000000000000000"="c?\WINDOWS\system32\mscories.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FD8D54E8716B64428FAA578DF2411DF]
"39EF43AD5CD50E84CA8C5A83E950BB15"="C:\Program Files\iTunes\iTunes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\897F86A010FA2D11E8BC0008F5A48ED3]
"00002109F100A0C00000000000F01FEC"="C:\Program Files\Common Files\Microsoft Shared\PROOF\MSTH3ES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9056426A07FB13D4DA07AB2FE084DA3F]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"="c?\WINDOWS\system32\MUI\0409\mscorees.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91A3E9AA95E3ABA47A882F7D3DF511B3]
"00002119210000000000000000F01FEC"="C:\Program Files\Microsoft Office\Office12\MSTORES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94B27325F6AA5204495D7C9A3DB16BCF]
"C839E3454CDB33946A211092936948F5"="C?\Program Files\HP\Digital Imaging\bin\HpqTrRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94B60D3FC1A102C438A0025D50F368E4]
"42C2662EE13B94340A4823BE678E7B06"="C?\Program Files\HP\Digital Imaging\help\Ut_Manageimages.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CF18FF2CD608F44977D71604FEF79C]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"="c?\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9F3E0BD4DB6EA7F4A9297207D7A3279E]
"9C3B82F298C26024B833A8CD59774CB9"="C?\Program Files\HP\Digital Imaging\bin\hpqsvres.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADD5884B60E795641A4DD0FBF64C5053]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"="c?\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB1D77968782FA54D9D2F3F45A63C14A]
"CDD2E27F8BD309142AD13688D359F57E"="C?\Program Files\HP\Digital Imaging\data\hpqd_default_preferences.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC8352DBB2B67F14E93ED5455DE0B8C0]
"39EF43AD5CD50E84CA8C5A83E950BB15"="C:\Program Files\iTunes\iTunes.Resources\iTunes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEFA76308DD93D1118F000087C8201A8]
"5040820900063D11C8EF00054038389C"="C:\Program Files\Microsoft Office\Office10\MSTORES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C02AC9CD80A12CF46A946687DBB62569]
"00002119210000000000000000F01FEC"="C:\Program Files\Microsoft Office\MEDIA\OFFICE12\LINES\LINES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C02AC9CD80A12CF46A946687DBB62569]
"00002119210000000000000000F01FEC"="C:\Program Files\Microsoft Office\MEDIA\OFFICE12\LINES\LINES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C340D74E96424E64F90FC29C080B809F]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"="c?\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C35597A54C58D2248861553C918E2EB9]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"="c?\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB30634379E355740BF715AF5E98BB6C]
"0DC1503A46F231838AD88BCDDC8E8F7C"="c:\WINDOWS\system32\MUI\0409\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D94C8360B8BB2DC41B1950E0F8237563]
"00002119210000000000000000F01FEC"="C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSORES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E862F874AB149324190BDE000229BE89]
"68AB67CA7DA73301B7449A0200000010"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeExtractFiles.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE9328268BFB9044A823953852BE8A81]
"0DC1503A46F231838AD88BCDDC8E8F7C"="c?\WINDOWS\system32\icardres.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEF0EDECDC7A98743A4348BE6F7A90FD]
"00002109E60090400000000000F01FEC"="C:\Program Files\Microsoft Office\Office12\1033\VVIEWRES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F06603195240FED4C8C34033151C91B6]
"9C3B82F298C26024B833A8CD59774CB9"="C?\Program Files\HP\Digital Imaging\bin\KYGRPRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F84D437E63ED8F944853626BA5841831]
"0DC1503A46F231838AD88BCDDC8E8F7C"="c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\snapshot.exe]
"RequiredFile"="SSRES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\snapshot.exe]
"RequiredFile"="SSRES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\snapshot.exe]
"RequiredFile"="SSRES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\Files\0]
@="rtcres.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMDEn]
"Link0"="@xpsp1res.dll,-2048"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RC\msoeres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RC\wab32res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\acctres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\alpsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\bckgres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\br24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\br9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\brhjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\brhlres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\bul18res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\bul24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\bull9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\chkrres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\citohres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\clusres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\cn330res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\cnbjcres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\cnlbpres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\comres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\cq12sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\cq30sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\cq60sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\cq70sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\cq75sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\cq90sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ct24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ct9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\dc24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\dc9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\dclsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\dfrgres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\diconres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\dmdskres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\dpcres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ecp2eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ep24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ep2bres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ep9bres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ep9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\epcl5res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\escp2res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\exp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\fu24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\fu9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\fupclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\fx5eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\fxsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\hcappres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\hpdjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\hppjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\hpqjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\hptjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\hrtzres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ib238res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ib239res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ib52res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ibmptres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ibp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ibppdres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ibprores.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ibps1res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ibqwres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\icwres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\inetres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\jp350res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\kmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\kyores.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\kyrares.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lmikjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lmpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lx238res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxaasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxacsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxadsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxaesres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxcasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxfmpres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxinkres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxmasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxmdsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxrosres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lxsysres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mcsdmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\minolres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mltres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\msoeres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mt735res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mt90res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mtbjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mtltres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mtpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mty24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mty9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\nc24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ncpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ntfrsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\od9ibres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ok9ibres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\okd24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\oki24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\oki9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\okm24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\okml9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ol24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ol9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\old24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\old9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\opteures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\optrares.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\pa24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\pa9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\pcl4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\pcl5eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\pcl5ures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\pcleures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\riafres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ricohres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\rvseres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\sek24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\sek9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\sfmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\shvlres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\skcolres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\sml8xres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\st24eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\star9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\stjtres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\str24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\str9eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ti850res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\tly3res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\tly5cres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\tlyp6res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\tp4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ttyres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ty2x3res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ty2x4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\unires.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\wab32res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\wmiapres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\wmm2res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\wmmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\wp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\wp9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\xrpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\xrpr6res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Error]
"EventMessageFile"="%SystemRoot%\System32\faultrep.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\CardSpace 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\CardSpace 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\EventSystem]
"CategoryMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\EventSystem]
"CategoryMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\HCAppRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSSQLSERVER/MSDE]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Remote Assistance]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\RPC]
"EventMessageFile"="%SystemRoot%\System32\xpsp3res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\system32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\System.ServiceModel.Install 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Tlntsvr]
"EventMessageFile"="C:\WINDOWS\System32\tlntsvr.exe;C:\WINDOWS\System32\xpsp1res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userenv]
"EventMessageFile"="%SystemRoot%\System32\userenv.dll;%SystemRoot%\System32\xpsp1res.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WinMgmt]
"EventMessageFile"="%SystemRoot%\system32\WBEM\WinMgmtR.dll;%SystemRoot%\system32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WMI.NET Provider Extension]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WMIAdapter]
"EventMessageFile"="%SystemRoot%\system32\WBEM\WMIApRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Application Popup]
"EventMessageFile"="%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\BITS]
"CategoryMessageFile"="%systemroot%\system32\xpob2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\BITS]
"CategoryMessageFile"="%systemroot%\system32\xpob2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DCOM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DCOM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Http]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Kerberos]
"EventMessageFile"="%SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MSDTC Gateway]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MSDTC WS-AT Protocol]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Print]
"EventMessageFile"="%SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasMan]
"EventMessageFile"="%SystemRoot%\System32\mprmsg.dll;%SystemRoot%\System32\xpsp3res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Tcpip]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Parameters]
"ServiceDll"="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Parameters]
"ServiceDll"="C:\WINDOWS\System32\es.dll"

mirto · #14 Příspěvek od **mirto** » 15 led 2010 19:19

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RC\msoeres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RC\wab32res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\acctres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\alpsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\bckgres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\br24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\br9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\brhjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\brhlres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\bul18res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\bul24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\bull9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\chkrres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\citohres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\clusres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cn330res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cnbjcres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cnlbpres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\comres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cq12sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cq30sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cq60sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cq70sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cq75sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cq90sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ct24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ct9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\dc24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\dc9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\dclsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\dfrgres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\diconres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\dmdskres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\dpcres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ecp2eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ep24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ep2bres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ep9bres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ep9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\epcl5res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\escp2res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\exp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\fu24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\fu9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\fupclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\fx5eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\fxsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\hcappres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\hpdjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\hppjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\hpqjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\hptjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\hrtzres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ib238res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ib239res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ib52res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ibmptres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ibp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ibppdres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ibprores.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ibps1res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ibqwres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\icwres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\inetres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\jp350res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\kmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\kyores.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\kyrares.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lmikjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lmpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lx238res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxaasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxacsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxadsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxaesres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxcasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxfmpres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxinkres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxmasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxmdsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxrosres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lxsysres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\mcsdmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\minolres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\mltres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\msoeres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\mt735res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\mt90res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\mtbjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\mtltres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\mtpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\mty24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\mty9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\nc24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ncpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ntfrsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\od9ibres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ok9ibres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\okd24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\oki24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\oki9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\okm24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\okml9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ol24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ol9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\old24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\old9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\opteures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\optrares.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\pa24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\pa9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\pcl4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\pcl5eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\pcl5ures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\pcleures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\riafres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ricohres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\rvseres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\sek24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\sek9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\sfmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\shvlres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\skcolres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\sml8xres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\st24eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\star9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\stjtres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\str24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\str9eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ti850res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\tly3res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\tly5cres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\tlyp6res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\tp4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ttyres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ty2x3res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\ty2x4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\unires.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\wab32res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\wmiapres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\wmm2res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\wmmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\wp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\wp9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\xrpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\xrpr6res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Application Error]
"EventMessageFile"="%SystemRoot%\System32\faultrep.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\CardSpace 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\CardSpace 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\COM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\COM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\EventSystem]
"CategoryMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\EventSystem]
"CategoryMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\HCAppRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSSQLSERVER/MSDE]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Remote Assistance]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\RPC]
"EventMessageFile"="%SystemRoot%\System32\xpsp3res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\system32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\System.ServiceModel.Install 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Tlntsvr]
"EventMessageFile"="C:\WINDOWS\System32\tlntsvr.exe;C:\WINDOWS\System32\xpsp1res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Userenv]
"EventMessageFile"="%SystemRoot%\System32\userenv.dll;%SystemRoot%\System32\xpsp1res.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WinMgmt]
"EventMessageFile"="%SystemRoot%\system32\WBEM\WinMgmtR.dll;%SystemRoot%\system32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WMI.NET Provider Extension]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WMIAdapter]
"EventMessageFile"="%SystemRoot%\system32\WBEM\WMIApRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Application Popup]
"EventMessageFile"="%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\BITS]
"CategoryMessageFile"="%systemroot%\system32\xpob2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\BITS]
"CategoryMessageFile"="%systemroot%\system32\xpob2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DCOM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DCOM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Http]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Kerberos]
"EventMessageFile"="%SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MSDTC Gateway]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MSDTC WS-AT Protocol]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Print]
"EventMessageFile"="%SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RasMan]
"EventMessageFile"="%SystemRoot%\System32\mprmsg.dll;%SystemRoot%\System32\xpsp3res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Tcpip]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem\Parameters]
"ServiceDll"="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem\Parameters]
"ServiceDll"="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RC\msoeres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RC\wab32res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\acctres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\alpsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\bckgres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\br24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\br9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\brhjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\brhlres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\bul18res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\bul24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\bull9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\chkrres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\citohres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\clusres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\cn330res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\cnbjcres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\cnlbpres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\comres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\cq12sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\cq30sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\cq60sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\cq70sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\cq75sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\cq90sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ct24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ct9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\dc24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\dc9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\dclsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\dfrgres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\diconres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\dmdskres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\dpcres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ecp2eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ep24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ep2bres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ep9bres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ep9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\epcl5res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\escp2res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\exp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\fu24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\fu9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\fupclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\fx5eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\fxsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\hcappres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\hpdjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\hppjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\hpqjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\hptjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\hrtzres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ib238res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ib239res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ib52res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ibmptres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ibp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ibppdres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ibprores.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ibps1res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ibqwres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\icwres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\inetres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\jp350res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\kmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\kyores.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\kyrares.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lmikjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lmpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lx238res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxaasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxacsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxadsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxaesres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxcasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxfmpres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxinkres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxmasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxmdsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxrosres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\lxsysres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mcsdmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\minolres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mltres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\msoeres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mt735res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mt90res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mtbjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mtltres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mtpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mty24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mty9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\nc24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ncpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ntfrsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\od9ibres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ok9ibres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\okd24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\oki24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\oki9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\okm24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\okml9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ol24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ol9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\old24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\old9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\opteures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\optrares.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\pa24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\pa9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\pcl4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\pcl5eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\pcl5ures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\pcleures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\riafres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ricohres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\rvseres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\sek24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\sek9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\sfmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\shvlres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\skcolres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\sml8xres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\st24eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\star9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\stjtres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\str24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\str9eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ti850res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\tly3res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\tly5cres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\tlyp6res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\tp4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ttyres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ty2x3res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\ty2x4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\unires.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\wab32res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\wmiapres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\wmm2res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\wmmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\wp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\wp9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\xrpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\xrpr6res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Application Error]
"EventMessageFile"="%SystemRoot%\System32\faultrep.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\CardSpace 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\CardSpace 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\COM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\COM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\EventSystem]
"CategoryMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\EventSystem]
"CategoryMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\HCAppRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\MSDTC]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\MSDTC]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\MSSQLSERVER/MSDE]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Remote Assistance]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\RPC]
"EventMessageFile"="%SystemRoot%\System32\xpsp3res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\system32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\System.ServiceModel.Install 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Tlntsvr]
"EventMessageFile"="C:\WINDOWS\System32\tlntsvr.exe;C:\WINDOWS\System32\xpsp1res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Userenv]
"EventMessageFile"="%SystemRoot%\System32\userenv.dll;%SystemRoot%\System32\xpsp1res.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\WinMgmt]
"EventMessageFile"="%SystemRoot%\system32\WBEM\WinMgmtR.dll;%SystemRoot%\system32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\WMI.NET Provider Extension]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\WMIAdapter]
"EventMessageFile"="%SystemRoot%\system32\WBEM\WMIApRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\Application Popup]
"EventMessageFile"="%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\BITS]
"CategoryMessageFile"="%systemroot%\system32\xpob2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\BITS]
"CategoryMessageFile"="%systemroot%\system32\xpob2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\DCOM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\DCOM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\Http]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\Kerberos]
"EventMessageFile"="%SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\MSDTC Gateway]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\MSDTC WS-AT Protocol]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\Print]
"EventMessageFile"="%SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\RasMan]
"EventMessageFile"="%SystemRoot%\System32\mprmsg.dll;%SystemRoot%\System32\xpsp3res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\Tcpip]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EventSystem\Parameters]
"ServiceDll"="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EventSystem\Parameters]
"ServiceDll"="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RC\msoeres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RC\wab32res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\acctres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\alpsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\bckgres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\br24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\br9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\brhjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\brhlres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\bul18res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\bul24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\bull9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\chkrres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\citohres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clusres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\cn330res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\cnbjcres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\cnlbpres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\comres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\cq12sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\cq30sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\cq60sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\cq70sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\cq75sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\cq90sres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ct24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ct9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\dc24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\dc9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\dclsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\dfrgres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\diconres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\dmdskres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\dpcres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ecp2eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ep24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ep2bres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ep9bres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ep9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\epcl5res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\escp2res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\exp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\fu24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\fu9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\fupclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\fx5eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\fxsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\hcappres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\hpdjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\hppjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\hpqjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\hptjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\hrtzres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ib238res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ib239res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ib52res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ibmptres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ibp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ibppdres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ibprores.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ibps1res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ibqwres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\icwres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\inetres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\jp350res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\kmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\kyores.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\kyrares.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lmikjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lmpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lx238res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxaasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxacsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxadsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxaesres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxcasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxfmpres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxinkres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxmasres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxmdsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxrosres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lxsysres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mcsdmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\minolres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mltres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\msoeres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mt735res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mt90res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mtbjres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mtltres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mtpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mty24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mty9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\nc24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ncpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ntfrsres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\od9ibres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ok9ibres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\okd24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\oki24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\oki9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\okm24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\okml9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ol24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ol9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\old24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\old9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\opteures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\optrares.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\pa24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\pa9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\pcl4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\pcl5eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\pcl5ures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\pcleures.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\riafres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ricohres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\rvseres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\sek24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\sek9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\sfmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\shvlres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\skcolres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\sml8xres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\st24eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\star9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\stjtres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\str24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\str9eres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ti850res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\tly3res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\tly5cres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\tlyp6res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\tp4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ttyres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ty2x3res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ty2x4res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\unires.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\wab32res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\wmiapres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\wmm2res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\wmmres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\wp24res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\wp9res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\xrpclres.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\xrpr6res.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Error]
"EventMessageFile"="%SystemRoot%\System32\faultrep.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+]
"EventMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem]
"CategoryMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem]
"CategoryMessageFile"="C:\WINDOWS\System32\COMRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\HCAppRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"="%SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSSQLSERVER/MSDE]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Remote Assistance]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RPC]
"EventMessageFile"="%SystemRoot%\System32\xpsp3res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\system32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.ServiceModel.Install 3.0.0.0]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tlntsvr]
"EventMessageFile"="C:\WINDOWS\System32\tlntsvr.exe;C:\WINDOWS\System32\xpsp1res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userenv]
"EventMessageFile"="%SystemRoot%\System32\userenv.dll;%SystemRoot%\System32\xpsp1res.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinMgmt]
"EventMessageFile"="%SystemRoot%\system32\WBEM\WinMgmtR.dll;%SystemRoot%\system32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WMI.NET Provider Extension]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WMIAdapter]
"EventMessageFile"="%SystemRoot%\system32\WBEM\WMIApRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup]
"EventMessageFile"="%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BITS]
"CategoryMessageFile"="%systemroot%\system32\xpob2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BITS]
"CategoryMessageFile"="%systemroot%\system32\xpob2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Http]
"EventMessageFile"="%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Kerberos]
"EventMessageFile"="%SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC Gateway]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC WS-AT Protocol]
"EventMessageFile"="c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Print]
"EventMessageFile"="%SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasMan]
"EventMessageFile"="%SystemRoot%\System32\mprmsg.dll;%SystemRoot%\System32\xpsp3res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip]
"EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Parameters]
"ServiceDll"="C:\WINDOWS\System32\es.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Parameters]
"ServiceDll"="C:\WINDOWS\System32\es.dll"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\unires.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\WMIApRes.dll]
[HKEY_USERS\S-1-5-21-602162358-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\COMRes.dll]
[HKEY_USERS\S-1-5-21-602162358-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\UNIRES.DLL]
[HKEY_USERS\S-1-5-21-602162358-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\wab32res.dll]
[HKEY_USERS\S-1-5-21-602162358-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\wmiapres.dll]
[HKEY_USERS\S-1-5-21-602162358-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\wmmres.dll]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\unires.dll]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\041B\WMIApRes.dll]

mirto · #15 Příspěvek od **mirto** » 15 led 2010 19:21

to je vsetko z logu

Tak ako som natom?

VIRY.CZ

Problem so Security tool, desifrovanie logu

Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu

Re: Problem so Security tool, desifrovanie logu