HijackThis kanssa tyttö pulassa

nyks · 10.04.2008

Kaverini epäilee että koneessani on jotain. Käski tehdä tarkistuksen hijackthisin kans ja nyt kun se on tehty, ollaan ihan pihalla. Emme tajua yhtään mitään tästä logista.
Olisiko joku kiltti että katselisi tätä ja kertoisi onko jotain siinä?
Kiitoksia paljon..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:46, on 10.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Elisa\Avustaja\Elisa.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200645140109
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11219 bytes

AfterDawn

Hujo · 10.04.2008

annetaas ensin tuon vähän työstää.

Lataa Tästä Ccleaner
CCleaner v2.05.555- Standard Build, ÄLÄ aseenna Yahoo toolbaria!

laita asetukset näin:
Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi

=================

Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

nyks · 11.04.2008

Jostain syystä en pääse vastaamaan tähän tai sitten tulee monta samaa vastausta. Anteeksi!
Olen tehnyt niin kuin sanoit paitsi etten osannut kopioida niin kuin käskit. Varmuuskopio meni kovalevylle ja tässä se on.
Tein puhdistus kolme kertaa eikä enää ollut mitään poistettavaa. Virheitä on ollut ja ne on korjattu.
Toivottavasti tämä raportti on just se mikä mun piti laittaa.
Kiitos avusta!

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPP]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPP\OpenWithProgids]
"MediaMonkey.File"=hex(0):

[HKEY_CLASSES_ROOT\Connection Manager Profile]
@="Connection Manager Profile"

[HKEY_CLASSES_ROOT\Connection Manager Profile\shell]

[HKEY_CLASSES_ROOT\DIRECT.ddPalette.3]
@="DirectDrawPalette 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.ddPalette.3\CLSID]
@="{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.ddSurface.3]
@="DirectDrawSurface 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.ddSurface.3\CLSID]
@="{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DiectPlay2.3]
@="DirectPlay2 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DiectPlay2.3\CLSID]
@="{0514B040-84EA-11D0-A8BF-00A0C9008A48}"

[HKEY_CLASSES_ROOT\DIRECT.DiectPlayLobby.3]
@="DirectPlayLobby 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DiectPlayLobby.3\CLSID]
@="{BFFFD262-7705-11D0-B5DC-444553540000}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3d.3]
@="Direct3d 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3d.3\CLSID]
@="{F3CA56CB-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dDevice.3]
@="DirectInputDevice 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dDevice.3\CLSID]
@="{F3CA575B-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dExecuteBuffer.3]
@="Direct3dExecuteBuffer 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dExecuteBuffer.3\CLSID]
@="{F3CA56E3-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dLight.3]
@="Direct3dLight 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dLight.3\CLSID]
@="{F3CA56D7-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dMaterial.3]
@="Direct3dMaterial 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dMaterial.3\CLSID]
@="{F3CA56DD-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRM.3]
@="Direct3dRM 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRM.3\CLSID]
@="{F3CA56F5-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMAnimation.3]
@="Direct3dRMAnimation 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMAnimation.3\CLSID]
@="{F3CA56B3-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMAnimationSet.3]
@="Direct3dRMAnimationSet 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMAnimationSet.3\CLSID]
@="{F3CA56B9-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMArray.3]
@=""

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMArray.3\CLSID]
@="{F3CA5791-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMDevice.3]
@="Direct3dRMDevice 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMDevice.3\CLSID]
@="{F3CA567D-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMDeviceArray.3]
@="Direct3dRMDeviceArray 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMDeviceArray.3\CLSID]
@="{F3CA572B-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFace.3]
@="Direct3dRMFace 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFace.3\CLSID]
@="{F3CA5695-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFaceArray.3]
@="Direct3dRMFaceArray 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFaceArray.3\CLSID]
@="{F3CA5755-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFrame.3]
@="Direct3dRMFrame 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFrame.3\CLSID]
@="{F3CA5683-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFrameArray.3]
@="Direct3dRMFrameArray 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFrameArray.3\CLSID]
@="{F3CA5737-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMLight.3]
@="Direct3dRMLight 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMLight.3\CLSID]
@="{F3CA569B-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMLightArray.3]
@="Direct3dRMLightArray 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMLightArray.3\CLSID]
@="{F3CA5749-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMaterial.3]
@="Direct3dRMMaterial 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMaterial.3\CLSID]
@="{F3CA56AD-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMesh.3]
@="Direct3dRMMesh 31.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMesh.3\CLSID]
@="{F3CA5689-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMeshBuilder.3]
@="Direct3dRMMeshBuilder 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMeshBuilder.3\CLSID]
@="{F3CA568F-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMObject.3]
@="Direct3dRMObject 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMObject.3\CLSID]
@="{F3CA56FB-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMPickedArray.3]
@="Direct3dRMPickedArray 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMPickedArray.3\CLSID]
@="{F3CA574F-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMShadow.3]
@="Direct3dRMShadow 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMShadow.3\CLSID]
@="{F3CA56C5-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMTexture.3]
@="Direct3dRMTexture 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMTexture.3\CLSID]
@="{F3CA56A1-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMUserVisual.3]
@="Direct3dRMUserVisual 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMUserVisual.3\CLSID]
@="{F3CA56BF-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMViewport.3]
@="Direct3dRMViewport 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMViewport.3\CLSID]
@="{F3CA5677-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMViewportArray.3]
@="Direct3dRMViewportArray 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMViewportArray.3\CLSID]
@="{F3CA5731-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMVisual.3]
@="Direct3dRMVisual 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMVisual.3\CLSID]
@="{F3CA5701-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMVisualArray.3]
@="Direct3dRMVisualArray 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMVisualArray.3\CLSID]
@="{F3CA573D-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMWinDevice.3]
@="Direct3dRMWinDevice 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMWinDevice.3\CLSID]
@="{F3CA5707-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMWrap.3]
@="Direct3dRMWrap 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dRMWrap.3\CLSID]
@="{F3CA56A7-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dTexture.3]
@="Direct3dTexture 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dTexture.3\CLSID]
@="{F3CA56D1-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dViewport.3]
@="Direct3dViewport 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.Direct3dViewport.3\CLSID]
@="{F3CA56EF-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectDraw.3]
@="DirectDraw 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectDraw.3\CLSID]
@="{F3CA566B-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectDrawBitmap.3]
@="DirectDrawBitmap 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectDrawBitmap.3\CLSID]
@="{F3CA56E9-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectDrawClipper.3]
@="DirectDrawClipper 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectDrawClipper.3\CLSID]
@="{F3CA5671-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectDrawPalette.3]
@="DirectDrawPalette 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectDrawPalette.3\CLSID]
@="{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectDrawSurface.3]
@="DirectDrawSurface 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectDrawSurface.3\CLSID]
@="{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectPlay2.3]
@="DirectPlay2 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectPlay2.3\CLSID]
@="{0514B040-84EA-11D0-A8BF-00A0C9008A48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectPlayLobby.3]
@="DirectPlayLobby 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectPlayLobby.3\CLSID]
@="{BFFFD262-7705-11D0-B5DC-444553540000}"

[HKEY_CLASSES_ROOT\DIRECT.DirectSound.3]
@="DirectSound 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectSound.3\CLSID]
@="{F3CA5665-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectSound3dBuffer.3]
@="DirectSound3DBufer 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectSound3dBuffer.3\CLSID]
@="{F3CA57EB-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectSound3dListener.3]
@="Directsound3DLister 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectSound3dListener.3\CLSID]
@="{F3CA57E5-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectSoundBuffer.3]
@="DirectSoundBuffer 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectSoundBuffer.3\CLSID]
@="{F3CA571F-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.DirectSoundResource.3]
@="DirectInput 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.DirectSoundResource.3\CLSID]
@="{F3CA5767-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\DIRECT.JoyStick.3]
@="DirectInput 3.0 Object"

[HKEY_CLASSES_ROOT\DIRECT.JoyStick.3\CLSID]
@="{F3CA57DF-C5DA-11CF-8F28-00AA0060FD48}"

[HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin]
@="ActiveXPlugin Object"

[HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin\CLSID]
@="{06DD38D3-D187-11CF-A80D-00C04FD74AD8}"

[HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin\CurVer]
@="Microsoft.ActiveXPlugin.1"

[HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin\NotInsertable]

[HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin.1]
@="ActiveXPlugin Object"

[HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin.1\CLSID]
@="{06DD38D3-D187-11CF-A80D-00C04FD74AD8}"

[HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin.1\NotInsertable]

[HKEY_CLASSES_ROOT\ppifile]
@="Microsoft Passport -asetukset"

[HKEY_CLASSES_ROOT\ppifile\shell]

[HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService]
@="RTCIMService Class"

[HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService\CLSID]
@="{83D4679F-B6D7-11D2-BF36-00C04FB90A03}"

[HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService\CurVer]
@="RTCIMSP.RTCIMService.1"

[HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService.1]
@="RTCIMService Class"

[HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService.1\CLSID]
@="{83D4679F-B6D7-11D2-BF36-00C04FB90A03}"

[HKEY_CLASSES_ROOT\SongsDB.SDBAlbum]
@="SDBAlbum Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBAlbum\Clsid]
@="{DE84FCEF-2C39-4379-AAF9-6C4A24F546F7}"

[HKEY_CLASSES_ROOT\SongsDB.SDBAlbumArtItem]
@="SDBAlbumArtItem Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBAlbumArtItem\Clsid]
@="{271724C3-5F42-49FE-988D-B47D695B3BDA}"

[HKEY_CLASSES_ROOT\SongsDB.SDBAlbumArtList]
@="SDBAlbumArtList Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBAlbumArtList\Clsid]
@="{CBD2D647-2951-4B6B-9E4F-9F86460DFD5E}"

[HKEY_CLASSES_ROOT\SongsDB.SDBAlbums]
@="SDBAlbums Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBAlbums\Clsid]
@="{5191CAFF-A745-4FE5-A192-767CF809823D}"

[HKEY_CLASSES_ROOT\SongsDB.SDBApplication]
@="SDBApplication Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBApplication\Clsid]
@="{148F7BB6-4943-4C53-8E30-0F9115D30283}"

[HKEY_CLASSES_ROOT\SongsDB.SDBArtist]
@="SDBArtist Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBArtist\Clsid]
@="{678D2B8C-D4FA-4087-97E2-9E6CAA10322F}"

[HKEY_CLASSES_ROOT\SongsDB.SDBArtists]
@="SDBArtists Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBArtists\Clsid]
@="{D3823CB6-635D-40B9-8744-E6621A13815A}"

[HKEY_CLASSES_ROOT\SongsDB.SDBCommonDialog]
@="SDBCommonDialog Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBCommonDialog\Clsid]
@="{BEB50AAC-4796-44DC-ABCE-A017CC85489E}"

[HKEY_CLASSES_ROOT\SongsDB.SDBDatabase]
@="SDBDatabase Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBDatabase\Clsid]
@="{5997EFC2-503C-4D8A-89F4-DD17393F07A6}"

[HKEY_CLASSES_ROOT\SongsDB.SDBDBIterator]
@="SDBDBIterator Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBDBIterator\Clsid]
@="{9F1E992A-F117-4CB0-B077-7F050F8DF8E2}"

[HKEY_CLASSES_ROOT\SongsDB.SDBDevice]
@="SDBDevice Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBDevice\Clsid]
@="{1036EE86-E7FA-4188-8A8C-C8538DFEE8B8}"

[HKEY_CLASSES_ROOT\SongsDB.SDBDeviceList]
@="SDBDeviceList Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBDeviceList\Clsid]
@="{CF173AC2-17D1-45DE-9771-0B69EAB906A0}"

[HKEY_CLASSES_ROOT\SongsDB.SDBDropTarget]
@="SDBDropTarget"

[HKEY_CLASSES_ROOT\SongsDB.SDBDropTarget\Clsid]
@="{AB97EDE4-091B-405F-83E6-9A31AD18EDAF}"

[HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetLast]
@="SDBDropTargetLast"

[HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetLast\Clsid]
@="{59924C9D-ED53-42AC-A2BA-1A5CA42D412D}"

[HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetNext]
@="SDBDropTargetNext"

[HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetNext\Clsid]
@="{14D51F54-D86B-4925-9BF6-5F582AF76FAA}"

[HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetRip]
@="SDBDropTargetRip"

[HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetRip\Clsid]
@="{7903D765-DA8C-4CB9-ADF2-F88D82E6BFFE}"

[HKEY_CLASSES_ROOT\SongsDB.SDBFileSystem]
@="SDBFileSystem Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBFileSystem\Clsid]
@="{8F9F89DF-2252-4D71-9CA5-E3CD15DC7073}"

[HKEY_CLASSES_ROOT\SongsDB.SDBHWEvents]
@="SDBHWEvents"

[HKEY_CLASSES_ROOT\SongsDB.SDBHWEvents\Clsid]
@="{0BA2D9E2-D4C8-45B2-8F5B-B3ADE5E461E6}"

[HKEY_CLASSES_ROOT\SongsDB.SDBImage]
@="SDBImage Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBImage\Clsid]
@="{17C64717-EFE8-44BA-AB8F-DCD34524DD31}"

[HKEY_CLASSES_ROOT\SongsDB.SDBIniFile]
@="SDBIniFile Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBIniFile\Clsid]
@="{3981ED1A-D706-4A7F-9A58-3A8EAB9BCA33}"

[HKEY_CLASSES_ROOT\SongsDB.SDBMedia]
@="SDBMedia Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBMedia\Clsid]
@="{25FBF537-7850-48E4-90A0-8519EBA1A053}"

[HKEY_CLASSES_ROOT\SongsDB.SDBMenuItem]
@="SDBMenuItem Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBMenuItem\Clsid]
@="{92C40377-A07B-48E8-81AC-6ADCA700C536}"

[HKEY_CLASSES_ROOT\SongsDB.SDBPlayer]
@="SDBPlayer Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBPlayer\Clsid]
@="{9DD8C561-427F-4DAB-B388-1C0837DB0FBD}"

[HKEY_CLASSES_ROOT\SongsDB.SDBPlaylist]
@="SDBPlaylist Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBPlaylist\Clsid]
@="{EDAAD31C-FEBC-4C21-BA3D-89388C6619CC}"

[HKEY_CLASSES_ROOT\SongsDB.SDBPlaylists]
@="SDBPlaylists Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBPlaylists\Clsid]
@="{0632ED14-116D-4CB4-B5E6-2945C4193D81}"

[HKEY_CLASSES_ROOT\SongsDB.SDBProgress]
@="SDBProgress Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBProgress\Clsid]
@="{FC025122-8B9D-4C8A-BB21-5305526BD3F6}"

[HKEY_CLASSES_ROOT\SongsDB.SDBRegistry]
@="SDBRegistry Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBRegistry\Clsid]
@="{B8F819B6-7CF1-4C92-90C7-B3BD45BCAA8D}"

[HKEY_CLASSES_ROOT\SongsDB.SDBScriptControl]
@="SDBScriptControl Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBScriptControl\Clsid]
@="{B49EB7C9-4F81-496F-8FDC-1CE6FBA6EB04}"

[HKEY_CLASSES_ROOT\SongsDB.SDBSongData]
@="SDBSongData Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBSongData\Clsid]
@="{6BFDE5D2-6CC2-4F56-B5E7-D77E2BDBDFC1}"

[HKEY_CLASSES_ROOT\SongsDB.SDBSongIterator]
@="SDBSongIterator Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBSongIterator\Clsid]
@="{E3023C76-065D-4882-80CC-86D6C585EF90}"

[HKEY_CLASSES_ROOT\SongsDB.SDBSongList]
@="SDBSongList Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBSongList\Clsid]
@="{6D1A5B5D-E66B-41B5-8990-D876C697363C}"

[HKEY_CLASSES_ROOT\SongsDB.SDBStringList]
@="SDBStringList Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBStringList\Clsid]
@="{11340F80-9B0E-4072-B2CB-2629379A956F}"

[HKEY_CLASSES_ROOT\SongsDB.SDBTextFile]
@="SDBTextFile Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBTextFile\Clsid]
@="{64C870C4-35CA-4EC3-B548-DE48C1398E14}"

[HKEY_CLASSES_ROOT\SongsDB.SDBTimer]
@="SDBTimer Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBTimer\Clsid]
@="{6B9AC9EF-BCAF-457F-A843-4987C87413C9}"

[HKEY_CLASSES_ROOT\SongsDB.SDBTools]
@="SDBTools Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBTools\Clsid]
@="{41FC2986-BA3B-4827-A9D8-6E6B406BD808}"

[HKEY_CLASSES_ROOT\SongsDB.SDBTracksWindow]
@="SDBTracksWindow Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBTracksWindow\Clsid]
@="{E6C73E13-7546-4A75-A53D-A97EDA76C941}"

[HKEY_CLASSES_ROOT\SongsDB.SDBTrackSynchStatus]
@="SDBTrackSynchStatus Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBTrackSynchStatus\Clsid]
@="{45A75B30-FEB8-48D3-B215-7E70602B47D8}"

[HKEY_CLASSES_ROOT\SongsDB.SDBTree]
@="SDBTree Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBTree\Clsid]
@="{553EDFDA-388A-475E-A5C1-2E80B96DE6F9}"

[HKEY_CLASSES_ROOT\SongsDB.SDBTreeNode]
@="SDBTreeNode Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBTreeNode\Clsid]
@="{32EAD83F-AEEC-4F15-ABF6-C97186DD4EEE}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUI]
@="SDBUI Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUI\Clsid]
@="{592BF4D1-7ACF-4177-B56C-3EDC680ABF14}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIActiveX]
@="SDBUIActiveX Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIActiveX\Clsid]
@="{DCAAEA6B-7A67-4F4D-93A5-23E565A8AE94}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIButton]
@="SDBUIButton Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIButton\Clsid]
@="{47688C41-46E0-4879-9CD6-5585DD41055A}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUICheckBox]
@="SDBUICheckBox Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUICheckBox\Clsid]
@="{732E6889-F75C-4A07-8BA7-4F5414775FA4}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUICommon]
@="SDBUICommon Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUICommon\Clsid]
@="{70488D17-1533-4FCC-A234-9320DB980E5E}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIDockablePanel]
@="SDBUIDockablePanel Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIDockablePanel\Clsid]
@="{778382D4-A8EF-4740-9FA9-F99C06664A3E}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIDropDown]
@="SDBUIDropDown Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIDropDown\Clsid]
@="{4F520AC5-5916-47EF-B229-612D73B6F543}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIEdit]
@="SDBUIEdit Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIEdit\Clsid]
@="{80735E54-75C7-4E7F-9780-CA7774D6ABDB}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIForm]
@="SDBUIForm Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIForm\Clsid]
@="{1967A0F0-B926-47B5-876E-F548BD2C96BC}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUILabel]
@="SDBUILabel Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUILabel\Clsid]
@="{1339436D-4ECE-40B7-B861-26F7024181B2}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIPanel]
@="SDBUIPanel Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIPanel\Clsid]
@="{242AB4BE-7BC9-4148-9CB2-56894E0709E1}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIRadioButton]
@="SDBUIRadioButton Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUIRadioButton\Clsid]
@="{C259899B-D2B9-4F73-8E14-57EC3381BB05}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUISpinEdit]
@="SDBUISpinEdit Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUISpinEdit\Clsid]
@="{259C512B-A4A2-4BB1-A0A4-BE2997F3C0B0}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUITrackBar]
@="SDBUITrackBar Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUITrackBar\Clsid]
@="{30BC8FC9-2E92-4134-B1A6-E376535D1415}"

[HKEY_CLASSES_ROOT\SongsDB.SDBUITranspPanel]
@="SDBUITranspPanel Object"

[HKEY_CLASSES_ROOT\SongsDB.SDBUITranspPanel\Clsid]
@="{A60D63C8-A653-4726-BED7-2FB0F7ACEE4B}"

[HKEY_CLASSES_ROOT\uTorrent]

[HKEY_CLASSES_ROOT\uTorrent\shell]
@="open"

[HKEY_CLASSES_ROOT\Vtx.Document]
@="Vtx Document"

[HKEY_CLASSES_ROOT\Vtx.Document\Shell]
@=""

[HKEY_CLASSES_ROOT\WinDVDX.playback]

[HKEY_CLASSES_ROOT\WinDVDX.playback\shell]

[HKEY_CLASSES_ROOT\Applications\uTorrent.exe]

[HKEY_CLASSES_ROOT\Applications\uTorrent.exe\shell]
@="open"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Malwarebytes' RogueRemover FREE_is1]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"Changed"=dword:00000000

Hujo · 11.04.2008

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

nyks · 11.04.2008

En tiedä millainen se combofix ohjelma on mutta musta tuntuu ettei se tee mitään. Painan ykköstä ja se vaan on. Voisitko kertoa vähän tarkemmin?
Epäiletkö säkin että koneessa on jotain?

Hujo · 12.04.2008

edit

nyks · 11.04.2008

Mä oon ihan tyhmä! Pitaisikö mun kaikkia ohjelmia valita?

Hujo · 11.04.2008

Tehääs nyt tälläin eli katto noi ohjeet tarkaan ja laita sen mukaan..
sittten aja sen ohjeen mukaan.

====

Ohje AVG:n Anti-Spyware 7.5:n käyttöön
Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa.

Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Lataa AVG:n Anti-Spyware 7.5:n
ja tallenna ohjelma työpöydällesi.
o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
o Käynnistä AVG:n Anti-Spyware.
o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".

o Sitten "Reports" valikon alta:
o Laita täppi kohtaan "Automatically generate report after every scan"
o Ota täppi pois kohdasta"Only if threats were found"

o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
o "Resident shield is", muuta tila active:sta inactive:ksi
o Sulje ohjelma, ÄLÄ skannaa vielä.

Käynnistä koneesi vikasietotilaan,
sammuta ja käynnistä
käynnistyksen yhteydessä naputtele F8
valitse nuoli näppäimellä vikasietotila
paina enter ja enter

Toisissa koneissa paukutetaan F8:sin sijasta F5:tä

HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta.
o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware.
o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.

==================

Mitäs se kaveri meinas kun hjt:tä käski laitella.
Oliko kone hidas
vai mikis epäili olevan koneella jotain

==================

Tossa on ohjetta mitä voit koneelle tehdä
Ohjetta

nyks · 12.04.2008

Kone yhtäkkiä rupesi hidastelemaan, löytyi muutama haittaohjelmaa eikä niitä F- Secure pystynyt poistamaan. En enää kaikkea muistakaan.
Se on varmaa että mulla on koneessa kaikkea turhaa mutta kun en tiedä mitä saan tai en saa poistaa. Mä seuraan sun ohjeita ja yritän rauhallisesti ottaa, mutta autathan jos taas tulen tänne vinkumaan..

nyks · 12.04.2008

Mitähän mä sanoin, taas tässä minuutin päästä. Saanko mä ladata sitä Anti- Spywarea kun mulla on F- Secure?

Hujo · 12.04.2008

edit

nyks · 12.04.2008

Toi Anti-Spyware 7.5 Onko se siellä nimellä Anti-Virus? Sitä mä en saa asentaa. Puutuu kai joku avain?! Keksitkö jotain muuta mitä mä voisin tehdä?!

Hujo · 12.04.2008

Koitas tuosta linkistä

AVG Anti-Spyware Free Edition 7.5

nyks · 12.04.2008

Hujolle:

Moi, täällä minä taas. Nyt aloitan ihan alusta.
Kiitos kun sä olit niin avulias ja sori kun mä olin ihan toivoton tapaus. En tajua yhtään mitään mistään.
Mutta mä latasin kaikki ohjelmat joita sä neuvoit paitsi Combofix. Se ei tehnyt mitään. Ei varmaan tarvinnut kaikkia ladata mutta en enää tienyt mitä teen. Sen ymmärsin että olisi pari virusta.
Tässä lokit niistä:

CCleanerWindows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Archived.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Graph.ocx"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgpropsht.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\AniGifDisplay.ocx"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\trayrfin.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\rgnurls.ini"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\banner.ini"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\is5unin.isu"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\pconfig.dcf"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sus.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\dimpls\\dmdimpls.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sfcwall31.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\vxhttp.dll"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv9]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv9\OpenWithList]

[HKEY_CLASSES_ROOT\acrobat\shell\open]

[HKEY_CLASSES_ROOT\acrobat\shell\open\command]
@="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe /u \"%1\""

[HKEY_CLASSES_ROOT\acrobat\shell\open\ddeexec]
@="[HandleAcroURL(\"%1\")]"

[HKEY_CLASSES_ROOT\acrobat\shell\open\ddeexec\application]
@="Acroview"

[HKEY_CLASSES_ROOT\acrobat\shell\open\ddeexec\topic]
@="Control"

[HKEY_CLASSES_ROOT\AcroExch.Document\DefaultIcon]
@="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe,1"

[HKEY_CLASSES_ROOT\AcroExch.Document\shell\open]

[HKEY_CLASSES_ROOT\AcroExch.Document\shell\open\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.Document\shell\print]

[HKEY_CLASSES_ROOT\AcroExch.Document\shell\print\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.Document\shell\printto]

[HKEY_CLASSES_ROOT\AcroExch.Document\shell\printto\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Open]

[HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Open\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Print]

[HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Print\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Printto]

[HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Printto\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Read]
@="Avaa Adobe Reader 8:lla"

[HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Read\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Open]

[HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Open\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Print]
@="Print"

[HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Print\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Printto]

[HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Printto\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Read]
@="Avaa Adobe Reader 8:lla"

[HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Read\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
"command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
00,25,00,31,00,22,00,00,00,00,00

[HKEY_CLASSES_ROOT\AcroExch.RMFFile\shell\open]

[HKEY_CLASSES_ROOT\AcroExch.RMFFile\shell\open\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.RMFFile\shell\Read]
@="Avaa Adobe Reader 8:lla"

[HKEY_CLASSES_ROOT\AcroExch.RMFFile\shell\Read\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
"command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
00,25,00,31,00,22,00,00,00,00,00

[HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Open]

[HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Open\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Print]

[HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Print\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Printto]

[HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Printto\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Read]
@="Avaa Adobe Reader 8:lla"

[HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Read\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
"command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
00,25,00,31,00,22,00,00,00,00,00

[HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Open]

[HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Open\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Print]
@=""

[HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Print\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\" "

[HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Printto]

[HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Printto\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Read]
@="Avaa Adobe Reader 8:lla"

[HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Read\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
"command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
00,25,00,31,00,22,00,00,00,00,00

[HKEY_CLASSES_ROOT\EBXTransfer\shell\open]
"EditFlags"=hex:01,00,00,00

[HKEY_CLASSES_ROOT\EBXTransfer\shell\open\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_CLASSES_ROOT\EDNActivation\shell\open]
"EditFlags"=hex:01,00,00,00

[HKEY_CLASSES_ROOT\EDNActivation\shell\open\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_CLASSES_ROOT\PDXFileType\shell\Read]
@="Avaa Adobe Reader 8:lla"

[HKEY_CLASSES_ROOT\PDXFileType\shell\Read\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
"command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
00,25,00,31,00,22,00,00,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{12BA069D-0FC6-4577-97C6-5DF634CE6E84}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{12BA069D-0FC6-4577-97C6-5DF634CE6E84}\InProcServer32]
"ThreadingModel"="Both"
@="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\viewerps.dll"

[HKEY_CLASSES_ROOT\CLSID\{17F2E344-8227-4AA7-A25A-E89424566BBA}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{17F2E344-8227-4AA7-A25A-E89424566BBA}\InProcServer32]
"ThreadingModel"="Both"
@="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlr.dll"

[HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}]
@="TriggerEventSink Class"

[HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\InprocServer32]
@="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgpropsht.dll"
"InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
00,72,00,65,00,3e,00,65,00,5e,00,60,00,60,00,55,00,2b,00,41,00,7e,00,5b,00,\
39,00,38,00,2c,00,70,00,5a,00,68,00,4a,00,58,00,45,00,5a,00,34,00,00,00,b5,\
00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
00,99,00,00,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\ProgID]
@="PropSheet.TriggerEventSink.1"

[HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\TypeLib]
@="{7989B7B3-7B6F-11D3-B1FD-00C04F68FC09}"

[HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\VersionIndependentProgID]
@="PropSheet.TriggerEventSink"

[HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}]
"AppID"="{5D238751-7E51-4F24-9E7D-93C58881B20B}"
"DisplayName"="@\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlrshim.exe\",-101"
@="Adobe PDF Preview Handler"

[HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\LocalServer32]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlrshim.exe\""

[HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\ProgID]
@="PDFPrevHndlrShim.PDFPrevHndlrShim.1"

[HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\TypeLib]
@="{A58FB5B3-CF96-4C63-B0D2-232A1AEA1A1B}"

[HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\VersionIndependentProgID]
@="PDFPrevHndlrShim.PDFPrevHndlrShim"

[HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}]
@="Archive Scanning Backup Trigger"

[HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\InprocServer32]
@="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Archived.dll"
"InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
00,72,00,65,00,3e,00,5d,00,29,00,4f,00,62,00,34,00,64,00,51,00,33,00,70,00,\
3d,00,39,00,61,00,61,00,65,00,4f,00,65,00,62,00,6a,00,30,00,28,00,00,00,b5,\
00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
00,99,00,00,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\ProgID]
@="Archived.TriggerBackup.1"

[HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\Schedule]
@="List of schedules"

[HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\TypeLib]
@="{5DC98F20-9109-11D3-9EC5-0050041C9F05}"

[HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\VersionIndependentProgID]
@="Archived.TriggerBackup"

[HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\Volume]
@="List of volumes"

[HKEY_CLASSES_ROOT\CLSID\{7989B7C3-7B6F-11D3-B1FD-00C04F68FC09}]
@="PropExt Class"

[HKEY_CLASSES_ROOT\CLSID\{7989B7C3-7B6F-11D3-B1FD-00C04F68FC09}\InprocServer32]
@="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgpropsht.dll"
"InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
00,72,00,65,00,3e,00,65,00,5e,00,60,00,60,00,55,00,2b,00,41,00,7e,00,5b,00,\
39,00,38,00,2c,00,70,00,5a,00,68,00,4a,00,58,00,45,00,5a,00,34,00,00,00,b5,\
00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
00,99,00,00,00,00,00
"ThreadingModel"="both"

[HKEY_CLASSES_ROOT\CLSID\{7989B7C3-7B6F-11D3-B1FD-00C04F68FC09}\ProgID]
@="PropSheet.DGPropExt.1"

[HKEY_CLASSES_ROOT\CLSID\{7989B7C3-7B6F-11D3-B1FD-00C04F68FC09}\VersionIndependentProgID]
@="PropSheet.DGPropExt"

[HKEY_CLASSES_ROOT\CLSID\{8215BA54-B69F-4275-AE11-31CB63593B09}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{8215BA54-B69F-4275-AE11-31CB63593B09}\InProcServer32]
"ThreadingModel"="Both"
@="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRdIF.dll"

[HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}]
"AppID"="{A5090E95-F1E2-41C8-BDA1-5AEB6C321FDE}"
@="PDFShellInfo Class"

[HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\LocalServer32]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32Info.exe\" /PDFShell"

[HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\ProgID]
@="PDFShellServer.PDFShellInfo.1"

[HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\TypeLib]
@="{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}"

[HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\VersionIndependentProgID]
@="PDFShellServer.PDFShellInfo"

[HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}]
@="AcrobatAccess Class"
"AppID"="{8A523F4F-AB44-4477-BAB0-151E5936D144}"

[HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32]
@="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\plug_ins\\Accessibility.api"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
@="AcroAccess.AcrobatAccess.1"

[HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
@="{C523F390-9C83-11D3-9094-00104BD0D535}"

[HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
@="AcroAccess.AcrobatAccess"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}]
@="Graph Control"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\Control]

[HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\InprocServer32]
@="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Graph.ocx"
"InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
00,72,00,65,00,3e,00,26,00,2c,00,38,00,6e,00,67,00,59,00,52,00,4e,00,77,00,\
3f,00,54,00,69,00,6f,00,37,00,42,00,31,00,58,00,74,00,6e,00,61,00,00,00,b5,\
00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
00,99,00,00,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\ProgID]
@="GRAPH.GraphCtrl.1"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\ToolboxBitmap32]
@="C:\\PROGRA~1\\COMMON~1\\Sonic\\UPDATE~1\\Graph.ocx, 1"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\TypeLib]
@="{C6173BC2-55C5-11D3-80B8-005004AD33D2}"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC6-55C5-11D3-80B8-005004AD33D2}]
@="Graph Property Page"

[HKEY_CLASSES_ROOT\CLSID\{C6173BC6-55C5-11D3-80B8-005004AD33D2}\InprocServer32]
@="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Graph.ocx"
"InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
00,72,00,65,00,3e,00,26,00,2c,00,38,00,6e,00,67,00,59,00,52,00,4e,00,77,00,\
3f,00,54,00,69,00,6f,00,37,00,42,00,31,00,58,00,74,00,6e,00,61,00,00,00,b5,\
00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
00,99,00,00,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}]
@="Anigifdisplay Control"

[HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\Control]

[HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\InprocServer32]
@="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\AniGifDisplay.ocx"
"InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
00,72,00,65,00,3e,00,4b,00,3f,00,68,00,2b,00,28,00,74,00,33,00,53,00,6c,00,\
38,00,65,00,58,00,2a,00,41,00,5e,00,47,00,71,00,71,00,54,00,48,00,00,00,b5,\
00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
00,99,00,00,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\ProgID]
@="ANIGIFDISPLAY.AnigifdisplayCtrl.1"

[HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\ToolboxBitmap32]
@="C:\\PROGRA~1\\COMMON~1\\Sonic\\UPDATE~1\\ANIGIF~1.OCX, 1"

[HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\TypeLib]
@="{C8373FC7-E31B-11D3-A08C-00C04F68FC09}"

[HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{C8373FCB-E31B-11D3-A08C-00C04F68FC09}]
@="Anigifdisplay Property Page"

[HKEY_CLASSES_ROOT\CLSID\{C8373FCB-E31B-11D3-A08C-00C04F68FC09}\InprocServer32]
@="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\AniGifDisplay.ocx"
"InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
00,72,00,65,00,3e,00,4b,00,3f,00,68,00,2b,00,28,00,74,00,33,00,53,00,6c,00,\
38,00,65,00,58,00,2a,00,41,00,5e,00,47,00,71,00,71,00,54,00,48,00,00,00,b5,\
00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
00,99,00,00,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}]
"AppID"="{A5090E95-F1E2-41C8-BDA1-5AEB6C321FDE}"
@="PDFShellInfo2 Class"

[HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\LocalServer32]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32Info.exe\" /PDFShell"

[HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\ProgID]
@="PDFShellServer.PDFShellInfo2.1"

[HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\TypeLib]
@="{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}"

[HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\VersionIndependentProgID]
@="PDFShellServer.PDFShellInfo2"

[HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}]
"DisplayName"="@C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlr.dll,-101"
"AppID"="{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}"
"DisableLowILProcessIsolation"=dword:00000001
@="Adobe PDF Preview Handler for Vista"

[HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\InprocServer32]
"ThreadingModel"="Apartment"
@="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlr.dll"

[HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\ProgID]
@="PDFPrevHndlr.PDFPreviewHandler.1"

[HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\TypeLib]
@="{0F6D3808-7974-4B1A-94C2-3200767EACE8}"

[HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\VersionIndependentProgID]
@="PDFPrevHndlr.PDFPreviewHandler"

[HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}]
@="SGBackupAgent Class"

[HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\InprocServer32]
@="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Archived.dll"
"InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
00,72,00,65,00,3e,00,5d,00,29,00,4f,00,62,00,34,00,64,00,51,00,33,00,70,00,\
3d,00,39,00,61,00,61,00,65,00,4f,00,65,00,62,00,6a,00,30,00,28,00,00,00,b5,\
00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
00,99,00,00,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\ProgID]
@="Agent.SGBackupAgent.1"

[HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\TypeLib]
@="{E2F2B585-B326-11D3-B22A-00C04F68FC09}"

[HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\VersionIndependentProgID]
@="Agent.SGBackupAgent"

[HKEY_CLASSES_ROOT\CLSID\{E8978DA6-047F-4E3D-9C78-CDBE46041603}]
@="PDF Filter"

[HKEY_CLASSES_ROOT\CLSID\{E8978DA6-047F-4E3D-9C78-CDBE46041603}\InprocServer32]
@="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRdIF.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\shell\Read]

[HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\shell\Read\command]
@="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe]
@="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"
"Path"="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe]
@="C:\\nesto\\ComboFix.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\SGTRAY.EXE]
@="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Common Files\\Sonic\\"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\dimpls\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AMT\\"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Adobe\\Reader 8.0\\Setup Files\\{AC76BA86-7AD7-1035-7B44-A81200000003}\\"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9884A144-3433-4FB8-A861-45903051CA86}]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DEE8F129-2771-4599-B6A4-96DFEBF46006}]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DriveCleaner 2006 Free]
"Order"=hex:08,00,00,00,02,00,00,00,28,03,00,00,01,00,00,00,05,00,00,00,8c,\
00,00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,\
32,00,1c,03,00,00,79,35,c6,99,20,00,44,52,49,56,45,43,7e,31,2e,4c,4e,4b,00,\
00,42,00,03,00,04,00,ef,be,79,35,c6,99,8b,38,96,a9,14,00,00,00,44,00,72,00,\
69,00,76,00,65,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,00,20,00,32,00,30,\
00,30,00,36,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,\
00,00,00,00,1c,00,00,00,00,00,00,00,00,00,9e,00,00,00,01,00,00,00,90,00,00,\
00,41,75,67,4d,02,00,00,00,01,00,00,00,7e,00,32,00,53,02,00,00,79,35,c7,99,\
20,00,44,52,49,56,45,43,7e,32,2e,4c,4e,4b,00,00,54,00,03,00,04,00,ef,be,79,\
35,c7,99,8b,38,96,a9,14,00,00,00,44,00,72,00,69,00,76,00,65,00,43,00,6c,00,\
65,00,61,00,6e,00,65,00,72,00,20,00,32,00,30,00,30,00,36,00,20,00,48,00,6f,\
00,6d,00,65,00,50,00,61,00,67,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,\
0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,a8,00,00,\
00,02,00,00,00,9a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,88,00,32,00,\
5d,02,00,00,79,35,c7,99,20,00,44,52,49,56,45,43,7e,33,2e,4c,4e,4b,00,00,5e,\
00,03,00,04,00,ef,be,79,35,c7,99,8b,38,96,a9,14,00,00,00,44,00,72,00,69,00,\
76,00,65,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,00,20,00,32,00,30,00,30,\
00,36,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,20,00,4d,00,61,00,6e,00,\
75,00,61,00,6c,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,aa,00,00,00,03,00,00,00,9c,00,\
00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8a,00,32,00,61,02,00,00,79,35,c7,\
99,20,00,44,52,49,56,45,43,7e,34,2e,4c,4e,4b,00,00,60,00,03,00,04,00,ef,be,\
79,35,c7,99,8b,38,96,a9,14,00,00,00,44,00,72,00,69,00,76,00,65,00,43,00,6c,\
00,65,00,61,00,6e,00,65,00,72,00,20,00,32,00,30,00,30,00,36,00,20,00,4f,00,\
6e,00,6c,00,69,00,6e,00,65,00,20,00,53,00,75,00,70,00,70,00,6f,00,72,00,74,\
00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,\
1c,00,00,00,00,00,00,00,00,00,a0,00,00,00,04,00,00,00,92,00,00,00,41,75,67,\
4d,02,00,00,00,01,00,00,00,80,00,32,00,32,06,00,00,79,35,4a,b3,20,00,55,4e,\
49,4e,53,54,7e,31,2e,4c,4e,4b,00,00,56,00,03,00,04,00,ef,be,79,35,c7,99,8b,\
38,96,a9,14,00,00,00,55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,\
20,00,44,00,72,00,69,00,76,00,65,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,\
00,20,00,32,00,30,00,30,00,36,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,\
00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\RogueRemover FREE]
"Order"=hex:08,00,00,00,02,00,00,00,98,00,00,00,01,00,00,00,01,00,00,00,8c,\
00,00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,\
32,00,ce,02,00,00,8a,38,c7,89,20,00,52,4f,47,55,45,52,7e,31,2e,4c,4e,4b,00,\
00,42,00,03,00,04,00,ef,be,8a,38,c7,89,8b,38,96,a9,14,00,00,00,52,00,6f,00,\
67,00,75,00,65,00,52,00,65,00,6d,00,6f,00,76,00,65,00,72,00,20,00,46,00,52,\
00,45,00,45,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,\
00,00,00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"="Adobe Reader 8.1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"="Sonic Update Manager"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"="Adobe Acrobat SpeedLauncher"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\moji programi\\HJTInstall.exe"="HijackThis"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Downloads\\ccsetup206[1].exe"="CCleaner Installer"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\nesto\\ComboFix.exe"="ComboFix"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\OMISTA~1.000\\LOCALS~1\\Temp\\~nsu.tmp\\Au_.exe"="CCleaner Installer"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\nesto\\avg_avwt_stf_all_8_93a1283.exe"="avg_avwt_stf_all_8_93a1283"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\OMISTA~1.000\\LOCALS~1\\Temp\\RarSFX0\\avgsetup.exe"="AVG Setup"

HijackthisLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Elisa\Avustaja\Elisa.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200645140109
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11744 bytes

eScan

File C:\Documents and Settings\Omistaja.BANJALUKA.000\Suosikit\Kuhinja\Kozaracki kuhar.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Omistaja.BANJALUKA.000\Suosikit\Snimanje\Najnovije.net Second Edition Pocetna.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

En tehnyt poistoa. En käynyt katsomassa mutta tässä (http://koti.mbnet.fi/pattaya1/eScanCheck.htm) kun se ohje on, niin pitäisikö mun tehdä sitä. Meinaan jos ei ole mitään vaikeaa.

Latasin myös StartUpLite

Please kurkas vielä kerran ja auta..

Hujo · 12.04.2008

Tehäs näin

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

nyks · 12.04.2008

Tässä on pakko olla jotain outoa. Se tekee samaa kuin se combofix. Eli ei mitään. Vilkkuu kirjain Y. Pitääkö se mennä niin etten mä ruudussa näe mitään vai mitä mä teen väärin?

Hujo · 12.04.2008

paina y ja sit enter

nyks · 12.04.2008

Juu hoidettu. Arvaa nolottaako?!
Okei tein niin. Tässä raportit:

SDFix: Version 1.169
Run by Omistaja on 2008-04-12 at 16:08

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\nesto\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 16:14:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"="C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe:*:Enabled:Elisa Avustaja"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\nesto\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 18 Jan 2008 196 A.SHR --- "C:\BOOT.BAK"
Wed 8 May 2002 188 ...H. --- "C:\WINDOWS\Mi1cnie1k1rn5n38.dll"
Sat 25 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 7 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 19 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Elisa\Avustaja\Elisa.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200645140109
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11744 bytes

Hujo · 12.04.2008

Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

nyks · 12.04.2008

Tein niinkin. Voisitko vastata vielä seuraaviin kysymyksiin:
Onko mulla enää niitä viruksia?
Oliko tässä kaikki?
Kaikki nämä ohjelmat joita käytin, poistanko ne ja tarvitaessa tulen taas tänne teitä kiusamaan vai mitkä voisin jättää ja käyttää ne uudestaan siis tarvittaessa? Mihin tarkoitukseen ne on olemassa?

Kirjaudu tai liity jäseneksi

HijackThis kanssa tyttö pulassa

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

HijackThis kanssa tyttö pulassa

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Hujo Guest

nyks Member

Jaa tämä sivu

Hyödyllisiä hakuja