Originariamente inviato da juninho85
(Messaggio 17960741)
Modifiche apportate al sistema dall'installazione di avira personal:
Installazione applicazioni:
Avira AntiVir PersonalEdition Classic
Autorun:
X:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
X:\Programmi\AntiVir PersonalEdition Classic\sched.exe
X:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
File copiati:
X:\Documents and Settings\All Users\Application Data\addr_file.html
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\addr_file.html
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\AVWIN.INI
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\update.conf
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir0.vdf
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir1.vdf
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir2.vdf
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir3.vdf
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\EVENTDB\avevtdb.dbe
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\IDX\classic-9x-en.info
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\IDX\master.idx
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\JOBS\scanjob.avj
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\JOBS\startupd.avj
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\JOBS\updjob.avj
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\LOGFILES\avguard.log
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\LOGFILES\sched.log
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\LOGFILES\setup.log
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\LOGFILES\Upd-2006-12-15-04-13-49.log
X:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
X::\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\REPORTS\14dcc229.avl
X:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
X:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic\AntiVir Help.lnk
X:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic\AntiVir PersonalEdition Classic on the Internet.lnk
X:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic\Start AntiVir PersonalEdition Classic.lnk
X:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
X:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
X:\Program Files\AntiVir PersonalEdition Classic\antivir.oem
X:\Program Files\AntiVir PersonalEdition Classic\antivir0.vdf
X:\Program Files\AntiVir PersonalEdition Classic\antivir1.vdf
X:\Program Files\AntiVir PersonalEdition Classic\antivir2.vdf
X:\Program Files\AntiVir PersonalEdition Classic\antivir3.vdf
X:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
X:\Program Files\AntiVir PersonalEdition Classic\avcmd.exe
X:\Program Files\AntiVir PersonalEdition Classic\avconfig.cpl
X:\Program Files\AntiVir PersonalEdition Classic\avconfig.dll
X:\Program Files\AntiVir PersonalEdition Classic\avconfig.exe
X:\Program Files\AntiVir PersonalEdition Classic\avevtlog.dll
X:\Program Files\AntiVir PersonalEdition Classic\avewin32.dll
X:\Program Files\AntiVir PersonalEdition Classic\avgcmxp.dll
X:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
X:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
X:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
X:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
X:\Program Files\AntiVir PersonalEdition Classic\avinet.dll
X:\Program Files\AntiVir PersonalEdition Classic\avnotify.dll
X:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe
X:\Program Files\AntiVir PersonalEdition Classic\avpack32.dll
X:\Program Files\AntiVir PersonalEdition Classic\avpref.dll
X:\Program Files\AntiVir PersonalEdition Classic\avreg.dll
X:\Program Files\AntiVir PersonalEdition Classic\avrep.dll
X:\Program Files\AntiVir PersonalEdition Classic\avrpbase.dll
X:\Program Files\AntiVir PersonalEdition Classic\avscan.dll
X:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
X:\Program Files\AntiVir PersonalEdition Classic\avwin.chm
X:\Program Files\AntiVir PersonalEdition Classic\avwinll.dll
X:\Program Files\AntiVir PersonalEdition Classic\build.dat
X:\Program Files\AntiVir PersonalEdition Classic\ccev.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccevrc.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccgen.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccgenrc.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccgrdrc.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccguard.dll
X:\Program Files\AntiVir PersonalEdition Classic\cclic.dll
X:\Program Files\AntiVir PersonalEdition Classic\cclicrc.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccmainrc.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccprofil.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccquamgr.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccquarc.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccreporc.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccreport.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccscanrc.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccsched.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccscherc.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccupdate.dll
X:\Program Files\AntiVir PersonalEdition Classic\ccupdrc.dll
X:\Program Files\AntiVir PersonalEdition Classic\common_msg.avr
X:\Program Files\AntiVir PersonalEdition Classic\deldir.exe
X:\Program Files\AntiVir PersonalEdition Classic\eula.txt
X:\Program Files\AntiVir PersonalEdition Classic\guardevt.dll
X:\Program Files\AntiVir PersonalEdition Classic\guardgui.exe
X:\Program Files\AntiVir PersonalEdition Classic\guardmsg.dll
X:\Program Files\AntiVir PersonalEdition Classic\hbedv.key
X:\Program Files\AntiVir PersonalEdition Classic\licmgr.dll
X:\Program Files\AntiVir PersonalEdition Classic\licmgr.exe
X:\Program Files\AntiVir PersonalEdition Classic\luke.dll
X:\Program Files\AntiVir PersonalEdition Classic\lukeres.dll
X:\Program Files\AntiVir PersonalEdition Classic\mfc71.dll
X:\Program Files\AntiVir PersonalEdition Classic\msvcp71.dll
X:\Program Files\AntiVir PersonalEdition Classic\msvcr71.dll
X:\Program Files\AntiVir PersonalEdition Classic\mydocs.avp
X:\Program Files\AntiVir PersonalEdition Classic\preupd.exe
X:\Program Files\AntiVir PersonalEdition Classic\process.avp
X:\Program Files\AntiVir PersonalEdition Classic\psapi.dll
X:\Program Files\AntiVir PersonalEdition Classic\rchelp.dll
X:\Program Files\AntiVir PersonalEdition Classic\rcimage.dll
X:\Program Files\AntiVir PersonalEdition Classic\rctext.dll
X:\Program Files\AntiVir PersonalEdition Classic\readme.txt
X:\Program Files\AntiVir PersonalEdition Classic\rmdiscs.avp
X:\Program Files\AntiVir PersonalEdition Classic\scewxml.dll
X:\Program Files\AntiVir PersonalEdition Classic\sched.exe
X:\Program Files\AntiVir PersonalEdition Classic\schedr.dll
X:\Program Files\AntiVir PersonalEdition Classic\setup.dll
X:\Program Files\AntiVir PersonalEdition Classic\setup.exe
X:\Program Files\AntiVir PersonalEdition Classic\setupprf.dat
X:\Program Files\AntiVir PersonalEdition Classic\shlext.dll
X:\Program Files\AntiVir PersonalEdition Classic\smtplib.dll
X:\Program Files\AntiVir PersonalEdition Classic\sqlite3.dll
X:\Program Files\AntiVir PersonalEdition Classic\sysdir.avp
X:\Program Files\AntiVir PersonalEdition Classic\sys_rw16.dll
X:\Program Files\AntiVir PersonalEdition Classic\sys_rw32.dll
X:\Program Files\AntiVir PersonalEdition Classic\unacev2.dll
X:\Program Files\AntiVir PersonalEdition Classic\update.exe
X:\Program Files\AntiVir PersonalEdition Classic\update_msg.avr
X:\Program Files\AntiVir PersonalEdition Classic\updgui.dll
X:\Program Files\AntiVir PersonalEdition Classic\updguirc.dll
X:\Program Files\AntiVir PersonalEdition Classic\updlib.dll
X:\Program Files\AntiVir PersonalEdition Classic\updlibrc.dll
X:\Program Files\AntiVir PersonalEdition Classic\weblink.url
X:\WINDOWS\system32\drivers\avgntdd.sys
X:\WINDOWS\system32\drivers\avgntmgr.sys
Modiche al registro:
ADD [HKEY_CURRENT_USER\Software\H+BEDV]
ADD [HKEY_CURRENT_USER\Software\H+BEDV\AntiVir PersonalEdition Classic V 7]
ADD [HKEY_CURRENT_USER\Software\H+BEDV\AntiVir PersonalEdition Classic V 7\SeenMessages]
ADD 200612150001="20061215-20061215"
REMOVE [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew]
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning]
ADD @="{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}]
ADD @="Shell Extension for Malware scanning"
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}\InProcServer32]
ADD @="C:\\Program Files\\AntiVir PersonalEdition Classic\\shlext.dll"
ADD ThreadingModel="Apartment"
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning]
ADD @="{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}]
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\H+BEDV]
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\H+BEDV\AntiVir PersonalEdition Classic V 7]
ADD AppDataDirectory="C:\\Documents and Settings\\All Users\\Application Data\\AntiVir PersonalEdition Classic\\"
ADD FilterType=dword:00000001
ADD LastUpdate=dword:458267a9
ADD Path="C:\\Program Files\\AntiVir PersonalEdition Classic\\"
ADD ProductID="3ec703e540fb53ed551d358673af589911fd20ac"
ADD SecurityDetection=dword:00000001
ADD WSC_CompanyName="Avira GmbH"
ADD WSC_DisplayName="Avira AntiVir PersonalEdition Classic"
ADD WSC_ProductId="ad166499-45f9-482a-a743-fdd3350758c7"
CHANGE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance]
CHANGE Performance Refresh=dword:00000000
CHANGE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM]
CHANGE C:\\WINDOWS\\System32\\Drivers\\HTTP.sys[UlMofResource]="LowDateTime:1643546752,HighDateTime:29666663***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys[ACPIMOFResource]="LowDateTime:650848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys[PROCESSORWMI]="LowDateTime:2080848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\DRIVERS\\ipnat.sys[IPNATMofResource]="LowDateTime:-1061007232,HighDateTime:29664841***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\DRIVERS\\mssmbios.sys[MofResource]="LowDateTime:-1629086336,HighDateTime:29655115***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\advapi32.dll[MofResourceName]="LowDateTime:660848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE]
CHANGE C:\\WINDOWS\\System32\\Drivers\\HTTP.sys[UlMofResource]="LowDateTime:1643546752,HighDateTime:29666663***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys[ACPIMOFResource]="LowDateTime:650848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys[PROCESSORWMI]="LowDateTime:2080848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\DRIVERS\\ipnat.sys[IPNATMofResource]="LowDateTime:-1061007232,HighDateTime:29664841***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\DRIVERS\\mssmbios.sys[MofResource]="LowDateTime:-1629086336,HighDateTime:29655115***Binary mof compiled successfully"
CHANGE C:\\WINDOWS\\system32\\advapi32.dll[MofResourceName]="LowDateTime:660848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
CHANGE Last Counter=dword:00000d9c
CHANGE Last Help=dword:00000d9d
CHANGE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls]
ADD Avira AntiVir PersonalEdition Classic="C:\\PROGRA~1\\ANTIVI~1\\avconfig.cpl"
CHANGE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468e-B848-2B2E8E697B74} 2]
ADD C:\\PROGRA~1\\ANTIVI~1\\avconfig.cpl=dword:0000000a
CHANGE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ADD avgnt="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
CHANGE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
ADD {45AC2688-0253-4ED8-97DE-B5370FA7D48A}="Shell Extension for Malware scanning"
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVir PersonalEdition Classic]
ADD DisplayIcon="C:\\Program Files\\AntiVir PersonalEdition Classic\\rcimage.dll,1"
ADD DisplayName="Avira AntiVir PersonalEdition Classic"
ADD HelpLink=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,2e,00,61,00,76,00,69,00,72,00,61,00,2e,00,63,00,6f,00,6d,00,2f,00,65,00,6e,00,2f,00,74,00,65,00,63,00,68,00,6e,00,69,00,63,00,61,00,6c,00,5f,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,00,00
ADD ModifyPath="C:\\Program Files\\AntiVir PersonalEdition Classic\\SETUP.EXE"
ADD Publisher="Avira GmbH"
ADD URLInfoAbout="http://www.free-av.com"
ADD URLUpdateInfo="http://www.free-av.com"
ADD UninstallString="C:\\Program Files\\AntiVir PersonalEdition Classic\\SETUP.EXE /REMOVE"
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\X-AVCSD]
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\X-AVCSD\Workstation]
ADD [HKEY_LOCAL_MACHINE\SOFTWARE\X-AVCSD\Workstation\AntiVir PersonalEdition Classic V 7]
ADD ID=dword:00000039
ADD Lang="EN"
ADD Name="Avira AntiVir PersonalEdition Classic"
ADD Type="ANSI"
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]
CHANGE @=dword:0000000b
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
ADD PendingFileRenameOperations=hex(7):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,6c,00,6c,00,20,00,55,00,73,00,65,00,72,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,0...
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULER]
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULER\0000]
ADD Class="LegacyDriver"
ADD ClassGUID="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
ADD ConfigFlags=dword:00000000
ADD DeviceDesc="AntiVir PersonalEdition Classic Scheduler"
ADD Legacy=dword:00000001
ADD Service="AntiVirScheduler"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULER\0000\Control]
ADD *NewlyCreated*=dword:00000000
ADD ActiveService="AntiVirScheduler"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE]
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE\0000]
ADD Class="LegacyDriver"
ADD ClassGUID="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
ADD ConfigFlags=dword:00000000
ADD DeviceDesc="AntiVir PersonalEdition Classic Guard"
ADD Legacy=dword:00000001
ADD Service="AntiVirService"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE\0000\Control]
ADD *NewlyCreated*=dword:00000000
ADD ActiveService="AntiVirService"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIO]
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIO\0000]
ADD Class="LegacyDriver"
ADD ClassGUID="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
ADD ConfigFlags=dword:00000000
ADD DeviceDesc="avgio"
ADD Legacy=dword:00000001
ADD Service="avgio"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIO\0000\Control]
ADD *NewlyCreated*=dword:00000000
ADD ActiveService="avgio"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGNTFLT]
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGNTFLT\0000]
ADD Class="LegacyDriver"
ADD ClassGUID="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
ADD ConfigFlags=dword:00000000
ADD DeviceDesc="avgntflt"
ADD Legacy=dword:00000001
ADD Service="avgntflt"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGNTFLT\0000\Control]
ADD *NewlyCreated*=dword:00000000
ADD ActiveService="avgntflt"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirScheduler]
ADD Description="Service to schedule AntiVir jobs and updates."
ADD DisplayName="AntiVir PersonalEdition Classic Scheduler"
ADD ErrorControl=dword:00000001
ADD ImagePath=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,5c,00,73,00,63,00,68,00,65,00,64,00,2e,00,65,00,78,00,65,00,00,00
ADD ObjectName="LocalSystem"
ADD Start=dword:00000002
ADD Type=dword:00000110
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirScheduler\Enum]
ADD 0="Root\\LEGACY_ANTIVIRSCHEDULER\\0000"
ADD Count=dword:00000001
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirScheduler\Security]
ADD Security=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService]
ADD Description="Offers permanent protection against viruses and malware with the AntiVir search engine. "
ADD DisplayName="AntiVir PersonalEdition Classic Guard"
ADD ErrorControl=dword:00000001
ADD ImagePath=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,5c,00,61,00,76,00,67,00,75,00,61,00,72,00,64,00,2e,00,65,00,78,00,65,00,00,00
ADD ObjectName="LocalSystem"
ADD Start=dword:00000002
ADD Type=dword:00000110
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService\Enum]
ADD 0="Root\\LEGACY_ANTIVIRSERVICE\\0000"
ADD Count=dword:00000001
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService\Security]
ADD Security=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
CHANGE Sources=hex(7):48,00,2b,00,42,00,45,00,44,00,56,00,20,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,00,00,57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,0...
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\H+BEDV AntiVir]
ADD CategoryCount=dword:00000003
ADD CategoryMessageFile="C:\\Program Files\\AntiVir PersonalEdition Classic\\guardevt.dll"
ADD EventMessageFile="C:\\Program Files\\AntiVir PersonalEdition Classic\\guardevt.dll"
ADD TypesSupported=dword:00000007
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System]
CHANGE Sources=hex(7):61,00,76,00,67,00,6e,00,74,00,66,00,6c,00,74,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,55,00,70,00,64,00,61,00,74,00,65,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,63,00,72,00,69,00,70,00,74,00,20,00,48,00,6f,00,73,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,0...
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\avgntflt]
ADD CategoryCount=dword:00000001
ADD CategoryMessageFile="C:\\Program Files\\AntiVir PersonalEdition Classic\\avgntflt.sys"
ADD EventMessageFile="C:\\Program Files\\AntiVir PersonalEdition Classic\\avgntflt.sys"
ADD TypesSupported=dword:00000007
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance]
ADD First Counter=dword:00000d90
ADD First Help=dword:00000d91
ADD Last Counter=dword:00000d9c
ADD Last Help=dword:00000d9d
ADD Object List="3472 3478"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgio]
ADD DependOnGroup=hex(7):00,00
ADD DependOnService=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
ADD DisplayName="avgio"
ADD ErrorControl=dword:00000001
ADD ImagePath=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,5c,00,61,00,76,00,67,00,69,00,6f,00,2e,00,73,00,79,00,73,00,00,00
ADD Start=dword:00000001
ADD Type=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgio\Enum]
ADD 0="Root\\LEGACY_AVGIO\\0000"
ADD Count=dword:00000001
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgio\Security]
ADD Security=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgntflt]
ADD DependOnGroup=hex(7):00,00
ADD DependOnService=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
ADD Description="Avira AntiVir PersonalEdition Classic mini-filter used for on-access scan to provide real-time antivirus security."
ADD DisplayName="avgntflt"
ADD ErrorControl=dword:00000001
ADD Group="FSFilter Anti-Virus"
ADD ImagePath=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,5c,00,61,00,76,00,67,00,6e,00,74,00,66,00,6c,00,74,00,2e,00,73,00,79,00,73,00,00,00
ADD Start=dword:00000003
ADD Type=dword:00000002
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgntflt\Enum]
ADD 0="Root\\LEGACY_AVGNTFLT\\0000"
ADD Count=dword:00000001
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgntflt\Instances]
ADD DefaultInstance="avgntflt Instance"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgntflt\Instances\avgntflt Instance]
ADD Altitude="320500"
ADD Flags=dword:00000000
ADD [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgntflt\Security]
ADD Security=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]
CHANGE @=dword:0000000b
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
ADD PendingFileRenameOperations=hex(7):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,6c,00,6c,00,20,00,55,00,73,00,65,00,72,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,0...
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULER]
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULER\0000]
ADD Class="LegacyDriver"
ADD ClassGUID="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
ADD ConfigFlags=dword:00000000
ADD DeviceDesc="AntiVir PersonalEdition Classic Scheduler"
ADD Legacy=dword:00000001
ADD Service="AntiVirScheduler"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULER\0000\Control]
ADD *NewlyCreated*=dword:00000000
ADD ActiveService="AntiVirScheduler"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE]
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE\0000]
ADD Class="LegacyDriver"
ADD ClassGUID="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
ADD ConfigFlags=dword:00000000
ADD DeviceDesc="AntiVir PersonalEdition Classic Guard"
ADD Legacy=dword:00000001
ADD Service="AntiVirService"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE\0000\Control]
ADD *NewlyCreated*=dword:00000000
ADD ActiveService="AntiVirService"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIO]
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIO\0000]
ADD Class="LegacyDriver"
ADD ClassGUID="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
ADD ConfigFlags=dword:00000000
ADD DeviceDesc="avgio"
ADD Legacy=dword:00000001
ADD Service="avgio"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIO\0000\Control]
ADD *NewlyCreated*=dword:00000000
ADD ActiveService="avgio"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGNTFLT]
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGNTFLT\0000]
ADD Class="LegacyDriver"
ADD ClassGUID="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
ADD ConfigFlags=dword:00000000
ADD DeviceDesc="avgntflt"
ADD Legacy=dword:00000001
ADD Service="avgntflt"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGNTFLT\0000\Control]
ADD *NewlyCreated*=dword:00000000
ADD ActiveService="avgntflt"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirScheduler]
ADD Description="Service to schedule AntiVir jobs and updates."
ADD DisplayName="AntiVir PersonalEdition Classic Scheduler"
ADD ErrorControl=dword:00000001
ADD ImagePath=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,5c,00,73,00,63,00,68,00,65,00,64,00,2e,00,65,00,78,00,65,00,00,00
ADD ObjectName="LocalSystem"
ADD Start=dword:00000002
ADD Type=dword:00000110
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirScheduler\Enum]
ADD 0="Root\\LEGACY_ANTIVIRSCHEDULER\\0000"
ADD Count=dword:00000001
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirScheduler\Security]
ADD Security=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService]
ADD Description="Offers permanent protection against viruses and malware with the AntiVir search engine. "
ADD DisplayName="AntiVir PersonalEdition Classic Guard"
ADD ErrorControl=dword:00000001
ADD ImagePath=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,5c,00,61,00,76,00,67,00,75,00,61,00,72,00,64,00,2e,00,65,00,78,00,65,00,00,00
ADD ObjectName="LocalSystem"
ADD Start=dword:00000002
ADD Type=dword:00000110
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService\Enum]
ADD 0="Root\\LEGACY_ANTIVIRSERVICE\\0000"
ADD Count=dword:00000001
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService\Security]
ADD Security=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
CHANGE Sources=hex(7):48,00,2b,00,42,00,45,00,44,00,56,00,20,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,00,00,57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,0...
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\H+BEDV AntiVir]
ADD CategoryCount=dword:00000003
ADD CategoryMessageFile="C:\\Program Files\\AntiVir PersonalEdition Classic\\guardevt.dll"
ADD EventMessageFile="C:\\Program Files\\AntiVir PersonalEdition Classic\\guardevt.dll"
ADD TypesSupported=dword:00000007
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
CHANGE Sources=hex(7):61,00,76,00,67,00,6e,00,74,00,66,00,6c,00,74,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,55,00,70,00,64,00,61,00,74,00,65,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,63,00,72,00,69,00,70,00,74,00,20,00,48,00,6f,00,73,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,0...
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\avgntflt]
ADD CategoryCount=dword:00000001
ADD CategoryMessageFile="C:\\Program Files\\AntiVir PersonalEdition Classic\\avgntflt.sys"
ADD EventMessageFile="C:\\Program Files\\AntiVir PersonalEdition Classic\\avgntflt.sys"
ADD TypesSupported=dword:00000007
CHANGE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance]
ADD First Counter=dword:00000d90
ADD First Help=dword:00000d91
ADD Last Counter=dword:00000d9c
ADD Last Help=dword:00000d9d
ADD Object List="3472 3478"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgio]
ADD DependOnGroup=hex(7):00,00
ADD DependOnService=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
ADD DisplayName="avgio"
ADD ErrorControl=dword:00000001
ADD ImagePath=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,5c,00,61,00,76,00,67,00,69,00,6f,00,2e,00,73,00,79,00,73,00,00,00
ADD Start=dword:00000001
ADD Type=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgio\Enum]
ADD 0="Root\\LEGACY_AVGIO\\0000"
ADD Count=dword:00000001
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgio\Security]
ADD Security=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt]
ADD DependOnGroup=hex(7):00,00
ADD DependOnService=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
ADD Description="Avira AntiVir PersonalEdition Classic mini-filter used for on-access scan to provide real-time antivirus security."
ADD DisplayName="avgntflt"
ADD ErrorControl=dword:00000001
ADD Group="FSFilter Anti-Virus"
ADD ImagePath=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,20,00,50,00,65,00,72,00,73,00,6f,00,6e,00,61,00,6c,00,45,00,64,00,69,00,74,00,69,00,6f,00,6e,00,20,00,43,00,6c,00,61,00,73,00,73,00,69,00,63,00,5c,00,61,00,76,00,67,00,6e,00,74,00,66,00,6c,00,74,00,2e,00,73,00,79,00,73,00,00,00
ADD Start=dword:00000003
ADD Type=dword:00000002
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt\Enum]
ADD 0="Root\\LEGACY_AVGNTFLT\\0000"
ADD Count=dword:00000001
ADD NextInstance=dword:00000001
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt\Instances]
ADD DefaultInstance="avgntflt Instance"
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt\Instances\avgntflt Instance]
ADD Altitude="320500"
ADD Flags=dword:00000000
ADD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt\Security]
ADD Security=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
CHANGE [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
CHANGE History="C:\\Documents and Settings\\LocalService\\Local Settings\\History"
CHANGE [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
CHANGE History="C:\\Documents and Settings\\LocalService\\Local Settings\\History"
|
