1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

HijackThis kanssa tyttö pulassa

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi nyks 10.04.2008.

  1. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Kaverini epäilee että koneessani on jotain. Käski tehdä tarkistuksen hijackthisin kans ja nyt kun se on tehty, ollaan ihan pihalla. Emme tajua yhtään mitään tästä logista.
    Olisiko joku kiltti että katselisi tätä ja kertoisi onko jotain siinä?
    Kiitoksia paljon..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:48:46, on 10.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Elisa\Avustaja\Elisa.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200645140109
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 11219 bytes
     
  2.  
  3. Hujo

    Hujo Guest

    annetaas ensin tuon vähän työstää.

    Lataa Tästä Ccleaner
    CCleaner v2.05.555- Standard Build, ÄLÄ aseenna Yahoo toolbaria!

    laita asetukset näin:
    Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

    aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
    aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi

    =================

    Escan
    Ohjeet tuolla sivulla.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    lataa tuosta
    http://www.spywareinfo.dk/download/mwav.exe
    päivitä tuosta
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    laita täpit merkkauksien mukaan
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scannaa

    jos ala luukkuun tulee jotain niin kopioi se näin:
    Käytä komentoa Ctrl+A.
    Kopioi rivit komennolla Ctrl+C.
    Liitä rivit komennolla Ctrl+V.

    Laita virus log tänne.


     
  4. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Jostain syystä en pääse vastaamaan tähän tai sitten tulee monta samaa vastausta. Anteeksi!
    Olen tehnyt niin kuin sanoit paitsi etten osannut kopioida niin kuin käskit. Varmuuskopio meni kovalevylle ja tässä se on.
    Tein puhdistus kolme kertaa eikä enää ollut mitään poistettavaa. Virheitä on ollut ja ne on korjattu.
    Toivottavasti tämä raportti on just se mikä mun piti laittaa.
    Kiitos avusta!

    Windows Registry Editor Version 5.00


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPP]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPP\OpenWithProgids]
    "MediaMonkey.File"=hex(0):

    [HKEY_CLASSES_ROOT\Connection Manager Profile]
    @="Connection Manager Profile"

    [HKEY_CLASSES_ROOT\Connection Manager Profile\shell]

    [HKEY_CLASSES_ROOT\DIRECT.ddPalette.3]
    @="DirectDrawPalette 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.ddPalette.3\CLSID]
    @="{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.ddSurface.3]
    @="DirectDrawSurface 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.ddSurface.3\CLSID]
    @="{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DiectPlay2.3]
    @="DirectPlay2 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DiectPlay2.3\CLSID]
    @="{0514B040-84EA-11D0-A8BF-00A0C9008A48}"

    [HKEY_CLASSES_ROOT\DIRECT.DiectPlayLobby.3]
    @="DirectPlayLobby 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DiectPlayLobby.3\CLSID]
    @="{BFFFD262-7705-11D0-B5DC-444553540000}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3d.3]
    @="Direct3d 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3d.3\CLSID]
    @="{F3CA56CB-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dDevice.3]
    @="DirectInputDevice 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dDevice.3\CLSID]
    @="{F3CA575B-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dExecuteBuffer.3]
    @="Direct3dExecuteBuffer 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dExecuteBuffer.3\CLSID]
    @="{F3CA56E3-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dLight.3]
    @="Direct3dLight 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dLight.3\CLSID]
    @="{F3CA56D7-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dMaterial.3]
    @="Direct3dMaterial 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dMaterial.3\CLSID]
    @="{F3CA56DD-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRM.3]
    @="Direct3dRM 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRM.3\CLSID]
    @="{F3CA56F5-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMAnimation.3]
    @="Direct3dRMAnimation 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMAnimation.3\CLSID]
    @="{F3CA56B3-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMAnimationSet.3]
    @="Direct3dRMAnimationSet 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMAnimationSet.3\CLSID]
    @="{F3CA56B9-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMArray.3]
    @=""

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMArray.3\CLSID]
    @="{F3CA5791-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMDevice.3]
    @="Direct3dRMDevice 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMDevice.3\CLSID]
    @="{F3CA567D-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMDeviceArray.3]
    @="Direct3dRMDeviceArray 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMDeviceArray.3\CLSID]
    @="{F3CA572B-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFace.3]
    @="Direct3dRMFace 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFace.3\CLSID]
    @="{F3CA5695-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFaceArray.3]
    @="Direct3dRMFaceArray 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFaceArray.3\CLSID]
    @="{F3CA5755-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFrame.3]
    @="Direct3dRMFrame 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFrame.3\CLSID]
    @="{F3CA5683-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFrameArray.3]
    @="Direct3dRMFrameArray 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMFrameArray.3\CLSID]
    @="{F3CA5737-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMLight.3]
    @="Direct3dRMLight 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMLight.3\CLSID]
    @="{F3CA569B-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMLightArray.3]
    @="Direct3dRMLightArray 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMLightArray.3\CLSID]
    @="{F3CA5749-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMaterial.3]
    @="Direct3dRMMaterial 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMaterial.3\CLSID]
    @="{F3CA56AD-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMesh.3]
    @="Direct3dRMMesh 31.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMesh.3\CLSID]
    @="{F3CA5689-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMeshBuilder.3]
    @="Direct3dRMMeshBuilder 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMMeshBuilder.3\CLSID]
    @="{F3CA568F-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMObject.3]
    @="Direct3dRMObject 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMObject.3\CLSID]
    @="{F3CA56FB-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMPickedArray.3]
    @="Direct3dRMPickedArray 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMPickedArray.3\CLSID]
    @="{F3CA574F-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMShadow.3]
    @="Direct3dRMShadow 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMShadow.3\CLSID]
    @="{F3CA56C5-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMTexture.3]
    @="Direct3dRMTexture 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMTexture.3\CLSID]
    @="{F3CA56A1-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMUserVisual.3]
    @="Direct3dRMUserVisual 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMUserVisual.3\CLSID]
    @="{F3CA56BF-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMViewport.3]
    @="Direct3dRMViewport 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMViewport.3\CLSID]
    @="{F3CA5677-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMViewportArray.3]
    @="Direct3dRMViewportArray 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMViewportArray.3\CLSID]
    @="{F3CA5731-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMVisual.3]
    @="Direct3dRMVisual 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMVisual.3\CLSID]
    @="{F3CA5701-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMVisualArray.3]
    @="Direct3dRMVisualArray 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMVisualArray.3\CLSID]
    @="{F3CA573D-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMWinDevice.3]
    @="Direct3dRMWinDevice 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMWinDevice.3\CLSID]
    @="{F3CA5707-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMWrap.3]
    @="Direct3dRMWrap 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dRMWrap.3\CLSID]
    @="{F3CA56A7-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dTexture.3]
    @="Direct3dTexture 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dTexture.3\CLSID]
    @="{F3CA56D1-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dViewport.3]
    @="Direct3dViewport 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.Direct3dViewport.3\CLSID]
    @="{F3CA56EF-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDraw.3]
    @="DirectDraw 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDraw.3\CLSID]
    @="{F3CA566B-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDrawBitmap.3]
    @="DirectDrawBitmap 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDrawBitmap.3\CLSID]
    @="{F3CA56E9-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDrawClipper.3]
    @="DirectDrawClipper 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDrawClipper.3\CLSID]
    @="{F3CA5671-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDrawPalette.3]
    @="DirectDrawPalette 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDrawPalette.3\CLSID]
    @="{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDrawSurface.3]
    @="DirectDrawSurface 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectDrawSurface.3\CLSID]
    @="{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectPlay2.3]
    @="DirectPlay2 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectPlay2.3\CLSID]
    @="{0514B040-84EA-11D0-A8BF-00A0C9008A48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectPlayLobby.3]
    @="DirectPlayLobby 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectPlayLobby.3\CLSID]
    @="{BFFFD262-7705-11D0-B5DC-444553540000}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSound.3]
    @="DirectSound 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSound.3\CLSID]
    @="{F3CA5665-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSound3dBuffer.3]
    @="DirectSound3DBufer 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSound3dBuffer.3\CLSID]
    @="{F3CA57EB-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSound3dListener.3]
    @="Directsound3DLister 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSound3dListener.3\CLSID]
    @="{F3CA57E5-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSoundBuffer.3]
    @="DirectSoundBuffer 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSoundBuffer.3\CLSID]
    @="{F3CA571F-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSoundResource.3]
    @="DirectInput 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.DirectSoundResource.3\CLSID]
    @="{F3CA5767-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\DIRECT.JoyStick.3]
    @="DirectInput 3.0 Object"

    [HKEY_CLASSES_ROOT\DIRECT.JoyStick.3\CLSID]
    @="{F3CA57DF-C5DA-11CF-8F28-00AA0060FD48}"

    [HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin]
    @="ActiveXPlugin Object"

    [HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin\CLSID]
    @="{06DD38D3-D187-11CF-A80D-00C04FD74AD8}"

    [HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin\CurVer]
    @="Microsoft.ActiveXPlugin.1"

    [HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin\NotInsertable]

    [HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin.1]
    @="ActiveXPlugin Object"

    [HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin.1\CLSID]
    @="{06DD38D3-D187-11CF-A80D-00C04FD74AD8}"

    [HKEY_CLASSES_ROOT\Microsoft.ActiveXPlugin.1\NotInsertable]

    [HKEY_CLASSES_ROOT\ppifile]
    @="Microsoft Passport -asetukset"

    [HKEY_CLASSES_ROOT\ppifile\shell]

    [HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService]
    @="RTCIMService Class"

    [HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService\CLSID]
    @="{83D4679F-B6D7-11D2-BF36-00C04FB90A03}"

    [HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService\CurVer]
    @="RTCIMSP.RTCIMService.1"

    [HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService.1]
    @="RTCIMService Class"

    [HKEY_CLASSES_ROOT\RTCIMSP.RTCIMService.1\CLSID]
    @="{83D4679F-B6D7-11D2-BF36-00C04FB90A03}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBAlbum]
    @="SDBAlbum Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBAlbum\Clsid]
    @="{DE84FCEF-2C39-4379-AAF9-6C4A24F546F7}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBAlbumArtItem]
    @="SDBAlbumArtItem Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBAlbumArtItem\Clsid]
    @="{271724C3-5F42-49FE-988D-B47D695B3BDA}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBAlbumArtList]
    @="SDBAlbumArtList Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBAlbumArtList\Clsid]
    @="{CBD2D647-2951-4B6B-9E4F-9F86460DFD5E}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBAlbums]
    @="SDBAlbums Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBAlbums\Clsid]
    @="{5191CAFF-A745-4FE5-A192-767CF809823D}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBApplication]
    @="SDBApplication Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBApplication\Clsid]
    @="{148F7BB6-4943-4C53-8E30-0F9115D30283}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBArtist]
    @="SDBArtist Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBArtist\Clsid]
    @="{678D2B8C-D4FA-4087-97E2-9E6CAA10322F}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBArtists]
    @="SDBArtists Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBArtists\Clsid]
    @="{D3823CB6-635D-40B9-8744-E6621A13815A}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBCommonDialog]
    @="SDBCommonDialog Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBCommonDialog\Clsid]
    @="{BEB50AAC-4796-44DC-ABCE-A017CC85489E}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDatabase]
    @="SDBDatabase Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDatabase\Clsid]
    @="{5997EFC2-503C-4D8A-89F4-DD17393F07A6}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDBIterator]
    @="SDBDBIterator Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDBIterator\Clsid]
    @="{9F1E992A-F117-4CB0-B077-7F050F8DF8E2}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDevice]
    @="SDBDevice Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDevice\Clsid]
    @="{1036EE86-E7FA-4188-8A8C-C8538DFEE8B8}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDeviceList]
    @="SDBDeviceList Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDeviceList\Clsid]
    @="{CF173AC2-17D1-45DE-9771-0B69EAB906A0}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDropTarget]
    @="SDBDropTarget"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDropTarget\Clsid]
    @="{AB97EDE4-091B-405F-83E6-9A31AD18EDAF}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetLast]
    @="SDBDropTargetLast"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetLast\Clsid]
    @="{59924C9D-ED53-42AC-A2BA-1A5CA42D412D}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetNext]
    @="SDBDropTargetNext"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetNext\Clsid]
    @="{14D51F54-D86B-4925-9BF6-5F582AF76FAA}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetRip]
    @="SDBDropTargetRip"

    [HKEY_CLASSES_ROOT\SongsDB.SDBDropTargetRip\Clsid]
    @="{7903D765-DA8C-4CB9-ADF2-F88D82E6BFFE}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBFileSystem]
    @="SDBFileSystem Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBFileSystem\Clsid]
    @="{8F9F89DF-2252-4D71-9CA5-E3CD15DC7073}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBHWEvents]
    @="SDBHWEvents"

    [HKEY_CLASSES_ROOT\SongsDB.SDBHWEvents\Clsid]
    @="{0BA2D9E2-D4C8-45B2-8F5B-B3ADE5E461E6}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBImage]
    @="SDBImage Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBImage\Clsid]
    @="{17C64717-EFE8-44BA-AB8F-DCD34524DD31}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBIniFile]
    @="SDBIniFile Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBIniFile\Clsid]
    @="{3981ED1A-D706-4A7F-9A58-3A8EAB9BCA33}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBMedia]
    @="SDBMedia Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBMedia\Clsid]
    @="{25FBF537-7850-48E4-90A0-8519EBA1A053}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBMenuItem]
    @="SDBMenuItem Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBMenuItem\Clsid]
    @="{92C40377-A07B-48E8-81AC-6ADCA700C536}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBPlayer]
    @="SDBPlayer Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBPlayer\Clsid]
    @="{9DD8C561-427F-4DAB-B388-1C0837DB0FBD}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBPlaylist]
    @="SDBPlaylist Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBPlaylist\Clsid]
    @="{EDAAD31C-FEBC-4C21-BA3D-89388C6619CC}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBPlaylists]
    @="SDBPlaylists Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBPlaylists\Clsid]
    @="{0632ED14-116D-4CB4-B5E6-2945C4193D81}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBProgress]
    @="SDBProgress Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBProgress\Clsid]
    @="{FC025122-8B9D-4C8A-BB21-5305526BD3F6}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBRegistry]
    @="SDBRegistry Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBRegistry\Clsid]
    @="{B8F819B6-7CF1-4C92-90C7-B3BD45BCAA8D}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBScriptControl]
    @="SDBScriptControl Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBScriptControl\Clsid]
    @="{B49EB7C9-4F81-496F-8FDC-1CE6FBA6EB04}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBSongData]
    @="SDBSongData Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBSongData\Clsid]
    @="{6BFDE5D2-6CC2-4F56-B5E7-D77E2BDBDFC1}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBSongIterator]
    @="SDBSongIterator Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBSongIterator\Clsid]
    @="{E3023C76-065D-4882-80CC-86D6C585EF90}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBSongList]
    @="SDBSongList Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBSongList\Clsid]
    @="{6D1A5B5D-E66B-41B5-8990-D876C697363C}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBStringList]
    @="SDBStringList Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBStringList\Clsid]
    @="{11340F80-9B0E-4072-B2CB-2629379A956F}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTextFile]
    @="SDBTextFile Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTextFile\Clsid]
    @="{64C870C4-35CA-4EC3-B548-DE48C1398E14}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTimer]
    @="SDBTimer Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTimer\Clsid]
    @="{6B9AC9EF-BCAF-457F-A843-4987C87413C9}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTools]
    @="SDBTools Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTools\Clsid]
    @="{41FC2986-BA3B-4827-A9D8-6E6B406BD808}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTracksWindow]
    @="SDBTracksWindow Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTracksWindow\Clsid]
    @="{E6C73E13-7546-4A75-A53D-A97EDA76C941}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTrackSynchStatus]
    @="SDBTrackSynchStatus Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTrackSynchStatus\Clsid]
    @="{45A75B30-FEB8-48D3-B215-7E70602B47D8}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTree]
    @="SDBTree Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTree\Clsid]
    @="{553EDFDA-388A-475E-A5C1-2E80B96DE6F9}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTreeNode]
    @="SDBTreeNode Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBTreeNode\Clsid]
    @="{32EAD83F-AEEC-4F15-ABF6-C97186DD4EEE}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUI]
    @="SDBUI Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUI\Clsid]
    @="{592BF4D1-7ACF-4177-B56C-3EDC680ABF14}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIActiveX]
    @="SDBUIActiveX Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIActiveX\Clsid]
    @="{DCAAEA6B-7A67-4F4D-93A5-23E565A8AE94}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIButton]
    @="SDBUIButton Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIButton\Clsid]
    @="{47688C41-46E0-4879-9CD6-5585DD41055A}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUICheckBox]
    @="SDBUICheckBox Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUICheckBox\Clsid]
    @="{732E6889-F75C-4A07-8BA7-4F5414775FA4}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUICommon]
    @="SDBUICommon Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUICommon\Clsid]
    @="{70488D17-1533-4FCC-A234-9320DB980E5E}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIDockablePanel]
    @="SDBUIDockablePanel Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIDockablePanel\Clsid]
    @="{778382D4-A8EF-4740-9FA9-F99C06664A3E}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIDropDown]
    @="SDBUIDropDown Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIDropDown\Clsid]
    @="{4F520AC5-5916-47EF-B229-612D73B6F543}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIEdit]
    @="SDBUIEdit Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIEdit\Clsid]
    @="{80735E54-75C7-4E7F-9780-CA7774D6ABDB}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIForm]
    @="SDBUIForm Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIForm\Clsid]
    @="{1967A0F0-B926-47B5-876E-F548BD2C96BC}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUILabel]
    @="SDBUILabel Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUILabel\Clsid]
    @="{1339436D-4ECE-40B7-B861-26F7024181B2}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIPanel]
    @="SDBUIPanel Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIPanel\Clsid]
    @="{242AB4BE-7BC9-4148-9CB2-56894E0709E1}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIRadioButton]
    @="SDBUIRadioButton Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUIRadioButton\Clsid]
    @="{C259899B-D2B9-4F73-8E14-57EC3381BB05}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUISpinEdit]
    @="SDBUISpinEdit Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUISpinEdit\Clsid]
    @="{259C512B-A4A2-4BB1-A0A4-BE2997F3C0B0}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUITrackBar]
    @="SDBUITrackBar Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUITrackBar\Clsid]
    @="{30BC8FC9-2E92-4134-B1A6-E376535D1415}"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUITranspPanel]
    @="SDBUITranspPanel Object"

    [HKEY_CLASSES_ROOT\SongsDB.SDBUITranspPanel\Clsid]
    @="{A60D63C8-A653-4726-BED7-2FB0F7ACEE4B}"

    [HKEY_CLASSES_ROOT\uTorrent]

    [HKEY_CLASSES_ROOT\uTorrent\shell]
    @="open"

    [HKEY_CLASSES_ROOT\Vtx.Document]
    @="Vtx Document"

    [HKEY_CLASSES_ROOT\Vtx.Document\Shell]
    @=""

    [HKEY_CLASSES_ROOT\WinDVDX.playback]

    [HKEY_CLASSES_ROOT\WinDVDX.playback\shell]

    [HKEY_CLASSES_ROOT\Applications\uTorrent.exe]

    [HKEY_CLASSES_ROOT\Applications\uTorrent.exe\shell]
    @="open"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Malwarebytes' RogueRemover FREE_is1]
    "SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
    00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00
    "Changed"=dword:00000000
     
  5. Hujo

    Hujo Guest

    1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
    combofix1
    combofix2

    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
     
  6. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    En tiedä millainen se combofix ohjelma on mutta musta tuntuu ettei se tee mitään. Painan ykköstä ja se vaan on. Voisitko kertoa vähän tarkemmin?
    Epäiletkö säkin että koneessa on jotain?
     
  7. Hujo

    Hujo Guest

    edit
     
    Moderaattorin viimeksi muokkaama: 12.04.2008
  8. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Mä oon ihan tyhmä! Pitaisikö mun kaikkia ohjelmia valita?
     
  9. Hujo

    Hujo Guest

    Tehääs nyt tälläin eli katto noi ohjeet tarkaan ja laita sen mukaan..
    sittten aja sen ohjeen mukaan.

    ====

    Ohje AVG:n Anti-Spyware 7.5:n käyttöön
    Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa.

    Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

    Lataa AVG:n Anti-Spyware 7.5:n
    ja tallenna ohjelma työpöydällesi.
    o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
    o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
    o Käynnistä AVG:n Anti-Spyware.
    o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

    o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

    o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
    o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".

    o Sitten "Reports" valikon alta:
    o Laita täppi kohtaan "Automatically generate report after every scan"
    o Ota täppi pois kohdasta"Only if threats were found"

    o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
    o "Resident shield is", muuta tila active:sta inactive:ksi
    o Sulje ohjelma, ÄLÄ skannaa vielä.

    Käynnistä koneesi vikasietotilaan,
    sammuta ja käynnistä
    käynnistyksen yhteydessä naputtele F8
    valitse nuoli näppäimellä vikasietotila
    paina enter ja enter

    Toisissa koneissa paukutetaan F8:sin sijasta F5:tä

    HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta.
    o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware.
    o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
    o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

    Kun skannaus on valmis:
    TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
    o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
    o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
    [​IMG]
    o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
    o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
    o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.

    ==================

    Mitäs se kaveri meinas kun hjt:tä käski laitella.
    Oliko kone hidas
    vai mikis epäili olevan koneella jotain

    ==================

    Tossa on ohjetta mitä voit koneelle tehdä
    Ohjetta
     
    Moderaattorin viimeksi muokkaama: 11.04.2008
  10. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Kone yhtäkkiä rupesi hidastelemaan, löytyi muutama haittaohjelmaa eikä niitä F- Secure pystynyt poistamaan. En enää kaikkea muistakaan.
    Se on varmaa että mulla on koneessa kaikkea turhaa mutta kun en tiedä mitä saan tai en saa poistaa. Mä seuraan sun ohjeita ja yritän rauhallisesti ottaa, mutta autathan jos taas tulen tänne vinkumaan..

     
  11. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Mitähän mä sanoin, taas tässä minuutin päästä. Saanko mä ladata sitä Anti- Spywarea kun mulla on F- Secure?
     
  12. Hujo

    Hujo Guest

    edit
     
    Moderaattorin viimeksi muokkaama: 12.04.2008
  13. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Toi Anti-Spyware 7.5 Onko se siellä nimellä Anti-Virus? Sitä mä en saa asentaa. Puutuu kai joku avain?! Keksitkö jotain muuta mitä mä voisin tehdä?!
     
  14. Hujo

    Hujo Guest

  15. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Hujolle:

    Moi, täällä minä taas. Nyt aloitan ihan alusta.
    Kiitos kun sä olit niin avulias ja sori kun mä olin ihan toivoton tapaus. En tajua yhtään mitään mistään.
    Mutta mä latasin kaikki ohjelmat joita sä neuvoit paitsi Combofix. Se ei tehnyt mitään. Ei varmaan tarvinnut kaikkia ladata mutta en enää tienyt mitä teen. Sen ymmärsin että olisi pari virusta.
    Tässä lokit niistä:

    CCleanerWindows Registry Editor Version 5.00


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Archived.dll"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Graph.ocx"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgpropsht.dll"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\AniGifDisplay.ocx"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\trayrfin.dll"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\rgnurls.ini"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\banner.ini"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\is5unin.isu"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\pconfig.dcf"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sus.dll"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\dimpls\\dmdimpls.dll"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sfcwall31.dll"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\vxhttp.dll"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv9]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv9\OpenWithList]

    [HKEY_CLASSES_ROOT\acrobat\shell\open]

    [HKEY_CLASSES_ROOT\acrobat\shell\open\command]
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe /u \"%1\""

    [HKEY_CLASSES_ROOT\acrobat\shell\open\ddeexec]
    @="[HandleAcroURL(\"%1\")]"

    [HKEY_CLASSES_ROOT\acrobat\shell\open\ddeexec\application]
    @="Acroview"

    [HKEY_CLASSES_ROOT\acrobat\shell\open\ddeexec\topic]
    @="Control"

    [HKEY_CLASSES_ROOT\AcroExch.Document\DefaultIcon]
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe,1"

    [HKEY_CLASSES_ROOT\AcroExch.Document\shell\open]

    [HKEY_CLASSES_ROOT\AcroExch.Document\shell\open\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.Document\shell\print]

    [HKEY_CLASSES_ROOT\AcroExch.Document\shell\print\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.Document\shell\printto]

    [HKEY_CLASSES_ROOT\AcroExch.Document\shell\printto\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

    [HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Open]

    [HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Open\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Print]

    [HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Print\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Printto]

    [HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Printto\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

    [HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Read]
    @="Avaa Adobe Reader 8:lla"

    [HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\Read\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Open]

    [HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Open\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Print]
    @="Print"

    [HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Print\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Printto]

    [HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Printto\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

    [HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Read]
    @="Avaa Adobe Reader 8:lla"

    [HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\Read\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
    "command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
    00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
    64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
    00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
    40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
    00,25,00,31,00,22,00,00,00,00,00

    [HKEY_CLASSES_ROOT\AcroExch.RMFFile\shell\open]

    [HKEY_CLASSES_ROOT\AcroExch.RMFFile\shell\open\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.RMFFile\shell\Read]
    @="Avaa Adobe Reader 8:lla"

    [HKEY_CLASSES_ROOT\AcroExch.RMFFile\shell\Read\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
    "command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
    00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
    64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
    00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
    40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
    00,25,00,31,00,22,00,00,00,00,00

    [HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Open]

    [HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Open\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Print]

    [HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Print\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Printto]

    [HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Printto\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

    [HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Read]
    @="Avaa Adobe Reader 8:lla"

    [HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\Read\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
    "command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
    00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
    64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
    00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
    40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
    00,25,00,31,00,22,00,00,00,00,00

    [HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Open]

    [HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Open\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Print]
    @=""

    [HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Print\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /p /h \"%1\" "

    [HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Printto]

    [HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Printto\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" /t \"%1\" \"%2\" \"%3\" \"%4\""

    [HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Read]
    @="Avaa Adobe Reader 8:lla"

    [HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\Read\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
    "command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
    00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
    64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
    00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
    40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
    00,25,00,31,00,22,00,00,00,00,00

    [HKEY_CLASSES_ROOT\EBXTransfer\shell\open]
    "EditFlags"=hex:01,00,00,00

    [HKEY_CLASSES_ROOT\EBXTransfer\shell\open\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_CLASSES_ROOT\EDNActivation\shell\open]
    "EditFlags"=hex:01,00,00,00

    [HKEY_CLASSES_ROOT\EDNActivation\shell\open\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_CLASSES_ROOT\PDXFileType\shell\Read]
    @="Avaa Adobe Reader 8:lla"

    [HKEY_CLASSES_ROOT\PDXFileType\shell\Read\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
    "command"=hex(7):33,00,34,00,54,00,4c,00,60,00,6b,00,6c,00,6d,00,35,00,28,00,4d,\
    00,36,00,64,00,7e,00,28,00,26,00,43,00,7a,00,7a,00,21,00,52,00,65,00,61,00,\
    64,00,65,00,72,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
    00,65,00,73,00,3e,00,6c,00,7b,00,6e,00,5e,00,72,00,79,00,3f,00,4f,00,74,00,\
    40,00,32,00,64,00,31,00,6c,00,63,00,21,00,59,00,4a,00,51,00,72,00,20,00,22,\
    00,25,00,31,00,22,00,00,00,00,00

    [HKEY_CLASSES_ROOT\CLSID\{12BA069D-0FC6-4577-97C6-5DF634CE6E84}]
    @="PSFactoryBuffer"

    [HKEY_CLASSES_ROOT\CLSID\{12BA069D-0FC6-4577-97C6-5DF634CE6E84}\InProcServer32]
    "ThreadingModel"="Both"
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\viewerps.dll"

    [HKEY_CLASSES_ROOT\CLSID\{17F2E344-8227-4AA7-A25A-E89424566BBA}]
    @="PSFactoryBuffer"

    [HKEY_CLASSES_ROOT\CLSID\{17F2E344-8227-4AA7-A25A-E89424566BBA}\InProcServer32]
    "ThreadingModel"="Both"
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlr.dll"

    [HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}]
    @="TriggerEventSink Class"

    [HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\InprocServer32]
    @="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgpropsht.dll"
    "InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
    00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
    70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
    00,72,00,65,00,3e,00,65,00,5e,00,60,00,60,00,55,00,2b,00,41,00,7e,00,5b,00,\
    39,00,38,00,2c,00,70,00,5a,00,68,00,4a,00,58,00,45,00,5a,00,34,00,00,00,b5,\
    00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
    b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
    8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
    00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
    00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
    00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
    00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
    00,99,00,00,00,00,00
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\ProgID]
    @="PropSheet.TriggerEventSink.1"

    [HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\Programmable]

    [HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\TypeLib]
    @="{7989B7B3-7B6F-11D3-B1FD-00C04F68FC09}"

    [HKEY_CLASSES_ROOT\CLSID\{27061AEB-9557-11D3-B203-00C04F68FC09}\VersionIndependentProgID]
    @="PropSheet.TriggerEventSink"

    [HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}]
    "AppID"="{5D238751-7E51-4F24-9E7D-93C58881B20B}"
    "DisplayName"="@\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlrshim.exe\",-101"
    @="Adobe PDF Preview Handler"

    [HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\LocalServer32]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlrshim.exe\""

    [HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\ProgID]
    @="PDFPrevHndlrShim.PDFPrevHndlrShim.1"

    [HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\Programmable]

    [HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\TypeLib]
    @="{A58FB5B3-CF96-4C63-B0D2-232A1AEA1A1B}"

    [HKEY_CLASSES_ROOT\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\VersionIndependentProgID]
    @="PDFPrevHndlrShim.PDFPrevHndlrShim"

    [HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}]
    @="Archive Scanning Backup Trigger"

    [HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\InprocServer32]
    @="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Archived.dll"
    "InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
    00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
    70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
    00,72,00,65,00,3e,00,5d,00,29,00,4f,00,62,00,34,00,64,00,51,00,33,00,70,00,\
    3d,00,39,00,61,00,61,00,65,00,4f,00,65,00,62,00,6a,00,30,00,28,00,00,00,b5,\
    00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
    b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
    8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
    00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
    00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
    00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
    00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
    00,99,00,00,00,00,00
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\ProgID]
    @="Archived.TriggerBackup.1"

    [HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\Programmable]

    [HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\Schedule]
    @="List of schedules"

    [HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\TypeLib]
    @="{5DC98F20-9109-11D3-9EC5-0050041C9F05}"

    [HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\VersionIndependentProgID]
    @="Archived.TriggerBackup"

    [HKEY_CLASSES_ROOT\CLSID\{5DC98F2D-9109-11D3-9EC5-0050041C9F05}\Volume]
    @="List of volumes"

    [HKEY_CLASSES_ROOT\CLSID\{7989B7C3-7B6F-11D3-B1FD-00C04F68FC09}]
    @="PropExt Class"

    [HKEY_CLASSES_ROOT\CLSID\{7989B7C3-7B6F-11D3-B1FD-00C04F68FC09}\InprocServer32]
    @="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgpropsht.dll"
    "InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
    00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
    70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
    00,72,00,65,00,3e,00,65,00,5e,00,60,00,60,00,55,00,2b,00,41,00,7e,00,5b,00,\
    39,00,38,00,2c,00,70,00,5a,00,68,00,4a,00,58,00,45,00,5a,00,34,00,00,00,b5,\
    00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
    b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
    8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
    00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
    00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
    00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
    00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
    00,99,00,00,00,00,00
    "ThreadingModel"="both"

    [HKEY_CLASSES_ROOT\CLSID\{7989B7C3-7B6F-11D3-B1FD-00C04F68FC09}\ProgID]
    @="PropSheet.DGPropExt.1"

    [HKEY_CLASSES_ROOT\CLSID\{7989B7C3-7B6F-11D3-B1FD-00C04F68FC09}\VersionIndependentProgID]
    @="PropSheet.DGPropExt"

    [HKEY_CLASSES_ROOT\CLSID\{8215BA54-B69F-4275-AE11-31CB63593B09}]
    @="PSFactoryBuffer"

    [HKEY_CLASSES_ROOT\CLSID\{8215BA54-B69F-4275-AE11-31CB63593B09}\InProcServer32]
    "ThreadingModel"="Both"
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRdIF.dll"

    [HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}]
    "AppID"="{A5090E95-F1E2-41C8-BDA1-5AEB6C321FDE}"
    @="PDFShellInfo Class"

    [HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\LocalServer32]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32Info.exe\" /PDFShell"

    [HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\ProgID]
    @="PDFShellServer.PDFShellInfo.1"

    [HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\TypeLib]
    @="{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}"

    [HKEY_CLASSES_ROOT\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\VersionIndependentProgID]
    @="PDFShellServer.PDFShellInfo"

    [HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}]
    @="AcrobatAccess Class"
    "AppID"="{8A523F4F-AB44-4477-BAB0-151E5936D144}"

    [HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32]
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\plug_ins\\Accessibility.api"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
    @="AcroAccess.AcrobatAccess.1"

    [HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
    @="{C523F390-9C83-11D3-9094-00104BD0D535}"

    [HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
    @="AcroAccess.AcrobatAccess"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}]
    @="Graph Control"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\Control]

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\InprocServer32]
    @="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Graph.ocx"
    "InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
    00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
    70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
    00,72,00,65,00,3e,00,26,00,2c,00,38,00,6e,00,67,00,59,00,52,00,4e,00,77,00,\
    3f,00,54,00,69,00,6f,00,37,00,42,00,31,00,58,00,74,00,6e,00,61,00,00,00,b5,\
    00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
    b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
    8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
    00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
    00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
    00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
    00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
    00,99,00,00,00,00,00
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\MiscStatus]
    @="0"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\MiscStatus\1]
    @="131473"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\ProgID]
    @="GRAPH.GraphCtrl.1"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\ToolboxBitmap32]
    @="C:\\PROGRA~1\\COMMON~1\\Sonic\\UPDATE~1\\Graph.ocx, 1"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\TypeLib]
    @="{C6173BC2-55C5-11D3-80B8-005004AD33D2}"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC5-55C5-11D3-80B8-005004AD33D2}\Version]
    @="1.0"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC6-55C5-11D3-80B8-005004AD33D2}]
    @="Graph Property Page"

    [HKEY_CLASSES_ROOT\CLSID\{C6173BC6-55C5-11D3-80B8-005004AD33D2}\InprocServer32]
    @="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Graph.ocx"
    "InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
    00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
    70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
    00,72,00,65,00,3e,00,26,00,2c,00,38,00,6e,00,67,00,59,00,52,00,4e,00,77,00,\
    3f,00,54,00,69,00,6f,00,37,00,42,00,31,00,58,00,74,00,6e,00,61,00,00,00,b5,\
    00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
    b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
    8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
    00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
    00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
    00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
    00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
    00,99,00,00,00,00,00

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}]
    @="Anigifdisplay Control"

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\Control]

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\InprocServer32]
    @="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\AniGifDisplay.ocx"
    "InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
    00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
    70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
    00,72,00,65,00,3e,00,4b,00,3f,00,68,00,2b,00,28,00,74,00,33,00,53,00,6c,00,\
    38,00,65,00,58,00,2a,00,41,00,5e,00,47,00,71,00,71,00,54,00,48,00,00,00,b5,\
    00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
    b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
    8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
    00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
    00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
    00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
    00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
    00,99,00,00,00,00,00
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\MiscStatus]
    @="0"

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\MiscStatus\1]
    @="131473"

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\ProgID]
    @="ANIGIFDISPLAY.AnigifdisplayCtrl.1"

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\ToolboxBitmap32]
    @="C:\\PROGRA~1\\COMMON~1\\Sonic\\UPDATE~1\\ANIGIF~1.OCX, 1"

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\TypeLib]
    @="{C8373FC7-E31B-11D3-A08C-00C04F68FC09}"

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCA-E31B-11D3-A08C-00C04F68FC09}\Version]
    @="1.0"

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCB-E31B-11D3-A08C-00C04F68FC09}]
    @="Anigifdisplay Property Page"

    [HKEY_CLASSES_ROOT\CLSID\{C8373FCB-E31B-11D3-A08C-00C04F68FC09}\InprocServer32]
    @="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\AniGifDisplay.ocx"
    "InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
    00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
    70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
    00,72,00,65,00,3e,00,4b,00,3f,00,68,00,2b,00,28,00,74,00,33,00,53,00,6c,00,\
    38,00,65,00,58,00,2a,00,41,00,5e,00,47,00,71,00,71,00,54,00,48,00,00,00,b5,\
    00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
    b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
    8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
    00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
    00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
    00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
    00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
    00,99,00,00,00,00,00

    [HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}]
    "AppID"="{A5090E95-F1E2-41C8-BDA1-5AEB6C321FDE}"
    @="PDFShellInfo2 Class"

    [HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\LocalServer32]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32Info.exe\" /PDFShell"

    [HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\ProgID]
    @="PDFShellServer.PDFShellInfo2.1"

    [HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\TypeLib]
    @="{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}"

    [HKEY_CLASSES_ROOT\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\VersionIndependentProgID]
    @="PDFShellServer.PDFShellInfo2"

    [HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}]
    "DisplayName"="@C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlr.dll,-101"
    "AppID"="{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}"
    "DisableLowILProcessIsolation"=dword:00000001
    @="Adobe PDF Preview Handler for Vista"

    [HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\InprocServer32]
    "ThreadingModel"="Apartment"
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlr.dll"

    [HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\ProgID]
    @="PDFPrevHndlr.PDFPreviewHandler.1"

    [HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\TypeLib]
    @="{0F6D3808-7974-4B1A-94C2-3200767EACE8}"

    [HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\VersionIndependentProgID]
    @="PDFPrevHndlr.PDFPreviewHandler"

    [HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}]
    @="SGBackupAgent Class"

    [HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\InprocServer32]
    @="C:\\Program Files\\Common Files\\Sonic\\Update Manager\\Archived.dll"
    "InprocServer32"=hex(7):42,00,34,00,32,00,32,00,26,00,7b,00,24,00,4a,00,3f,\
    00,39,00,3d,00,60,00,78,00,2a,00,69,00,6e,00,2b,00,25,00,2b,00,72,00,55,00,\
    70,00,64,00,61,00,74,00,65,00,4d,00,67,00,72,00,46,00,65,00,61,00,74,00,75,\
    00,72,00,65,00,3e,00,5d,00,29,00,4f,00,62,00,34,00,64,00,51,00,33,00,70,00,\
    3d,00,39,00,61,00,61,00,65,00,4f,00,65,00,62,00,6a,00,30,00,28,00,00,00,b5,\
    00,d5d0,00,1c,00,00,00,11,00,11,00,1d4,00,10c,00,00,00,8860,00,b5,00,8860,00,\
    b5,00,39a0,00,17,00,887c,00,b5,00,887c,00,b5,00,cac0,00,1c,00,88a0,00,b5,00,\
    8888,00,b5,00,d830,00,16,00,88ac,00,b5,00,8894,00,b5,00,d868,00,16,00,88b8,\
    00,b5,00,88a0,00,b5,00,d8b0,00,16,00,88c4,00,b5,00,88ac,00,b5,00,d8d8,00,16,\
    00,88d0,00,b5,00,88b8,00,b5,00,d930,00,16,00,88dc,00,b5,00,88c4,00,b5,00,d978,\
    00,16,00,88e8,00,b5,00,88d0,00,b5,00,d9b0,00,16,00,00,00,88dc,00,b5,00,d9e8,\
    00,16,00,00,00,11,00,11,00,1c5,00,108,00,dad,00,00,00,17,00,1f48,00,4a,00,00,00,a8ac,\
    00,99,00,00,00,00,00
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\ProgID]
    @="Agent.SGBackupAgent.1"

    [HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\Programmable]

    [HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\TypeLib]
    @="{E2F2B585-B326-11D3-B22A-00C04F68FC09}"

    [HKEY_CLASSES_ROOT\CLSID\{E2F2B592-B326-11D3-B22A-00C04F68FC09}\VersionIndependentProgID]
    @="Agent.SGBackupAgent"

    [HKEY_CLASSES_ROOT\CLSID\{E8978DA6-047F-4E3D-9C78-CDBE46041603}]
    @="PDF Filter"

    [HKEY_CLASSES_ROOT\CLSID\{E8978DA6-047F-4E3D-9C78-CDBE46041603}\InprocServer32]
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRdIF.dll"
    "ThreadingModel"="Both"

    [HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\shell\Read]

    [HKEY_CLASSES_ROOT\Applications\AcroRD32.exe\shell\Read\command]
    @="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe]
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"
    "Path"="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe]
    @="C:\\nesto\\ComboFix.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\SGTRAY.EXE]
    @="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\""

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\"="1"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\\Program Files\\Common Files\\Sonic\\"="1"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\dimpls\\"=""

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AMT\\"="1"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\\Program Files\\Adobe\\Reader 8.0\\Setup Files\\{AC76BA86-7AD7-1035-7B44-A81200000003}\\"="1"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9884A144-3433-4FB8-A861-45903051CA86}]
    "SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
    00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00
    "Changed"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DEE8F129-2771-4599-B6A4-96DFEBF46006}]
    "SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
    00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00
    "Changed"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DriveCleaner 2006 Free]
    "Order"=hex:08,00,00,00,02,00,00,00,28,03,00,00,01,00,00,00,05,00,00,00,8c,\
    00,00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,\
    32,00,1c,03,00,00,79,35,c6,99,20,00,44,52,49,56,45,43,7e,31,2e,4c,4e,4b,00,\
    00,42,00,03,00,04,00,ef,be,79,35,c6,99,8b,38,96,a9,14,00,00,00,44,00,72,00,\
    69,00,76,00,65,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,00,20,00,32,00,30,\
    00,30,00,36,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,\
    00,00,00,00,1c,00,00,00,00,00,00,00,00,00,9e,00,00,00,01,00,00,00,90,00,00,\
    00,41,75,67,4d,02,00,00,00,01,00,00,00,7e,00,32,00,53,02,00,00,79,35,c7,99,\
    20,00,44,52,49,56,45,43,7e,32,2e,4c,4e,4b,00,00,54,00,03,00,04,00,ef,be,79,\
    35,c7,99,8b,38,96,a9,14,00,00,00,44,00,72,00,69,00,76,00,65,00,43,00,6c,00,\
    65,00,61,00,6e,00,65,00,72,00,20,00,32,00,30,00,30,00,36,00,20,00,48,00,6f,\
    00,6d,00,65,00,50,00,61,00,67,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,\
    0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,a8,00,00,\
    00,02,00,00,00,9a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,88,00,32,00,\
    5d,02,00,00,79,35,c7,99,20,00,44,52,49,56,45,43,7e,33,2e,4c,4e,4b,00,00,5e,\
    00,03,00,04,00,ef,be,79,35,c7,99,8b,38,96,a9,14,00,00,00,44,00,72,00,69,00,\
    76,00,65,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,00,20,00,32,00,30,00,30,\
    00,36,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,20,00,4d,00,61,00,6e,00,\
    75,00,61,00,6c,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,aa,00,00,00,03,00,00,00,9c,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8a,00,32,00,61,02,00,00,79,35,c7,\
    99,20,00,44,52,49,56,45,43,7e,34,2e,4c,4e,4b,00,00,60,00,03,00,04,00,ef,be,\
    79,35,c7,99,8b,38,96,a9,14,00,00,00,44,00,72,00,69,00,76,00,65,00,43,00,6c,\
    00,65,00,61,00,6e,00,65,00,72,00,20,00,32,00,30,00,30,00,36,00,20,00,4f,00,\
    6e,00,6c,00,69,00,6e,00,65,00,20,00,53,00,75,00,70,00,70,00,6f,00,72,00,74,\
    00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,\
    1c,00,00,00,00,00,00,00,00,00,a0,00,00,00,04,00,00,00,92,00,00,00,41,75,67,\
    4d,02,00,00,00,01,00,00,00,80,00,32,00,32,06,00,00,79,35,4a,b3,20,00,55,4e,\
    49,4e,53,54,7e,31,2e,4c,4e,4b,00,00,56,00,03,00,04,00,ef,be,79,35,c7,99,8b,\
    38,96,a9,14,00,00,00,55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,\
    20,00,44,00,72,00,69,00,76,00,65,00,43,00,6c,00,65,00,61,00,6e,00,65,00,72,\
    00,20,00,32,00,30,00,30,00,36,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,\
    00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\RogueRemover FREE]
    "Order"=hex:08,00,00,00,02,00,00,00,98,00,00,00,01,00,00,00,01,00,00,00,8c,\
    00,00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,\
    32,00,ce,02,00,00,8a,38,c7,89,20,00,52,4f,47,55,45,52,7e,31,2e,4c,4e,4b,00,\
    00,42,00,03,00,04,00,ef,be,8a,38,c7,89,8b,38,96,a9,14,00,00,00,52,00,6f,00,\
    67,00,75,00,65,00,52,00,65,00,6d,00,6f,00,76,00,65,00,72,00,20,00,46,00,52,\
    00,45,00,45,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,\
    00,00,00,00,1c,00,00,00,00,00,00,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"="Adobe Reader 8.1"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"="Sonic Update Manager"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"="Adobe Acrobat SpeedLauncher"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\moji programi\\HJTInstall.exe"="HijackThis"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Downloads\\ccsetup206[1].exe"="CCleaner Installer"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\nesto\\ComboFix.exe"="ComboFix"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\OMISTA~1.000\\LOCALS~1\\Temp\\~nsu.tmp\\Au_.exe"="CCleaner Installer"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\nesto\\avg_avwt_stf_all_8_93a1283.exe"="avg_avwt_stf_all_8_93a1283"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\OMISTA~1.000\\LOCALS~1\\Temp\\RarSFX0\\avgsetup.exe"="AVG Setup"

    HijackthisLogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:38, on 2008-04-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Elisa\Avustaja\Elisa.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200645140109
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 11744 bytes

    eScan

    File C:\Documents and Settings\Omistaja.BANJALUKA.000\Suosikit\Kuhinja\Kozaracki kuhar.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Omistaja.BANJALUKA.000\Suosikit\Snimanje\Najnovije.net Second Edition Pocetna.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

    En tehnyt poistoa. En käynyt katsomassa mutta tässä (http://koti.mbnet.fi/pattaya1/eScanCheck.htm) kun se ohje on, niin pitäisikö mun tehdä sitä. Meinaan jos ei ole mitään vaikeaa.


    Latasin myös StartUpLite

    Please kurkas vielä kerran ja auta..
     
  16. Hujo

    Hujo Guest

    Tehäs näin

    Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

    Käynnistä koneesi vikasietotilaan:

    sammuta ja käynnistä
    käynnistyksen yhteydessä hakkaa F8 nappia
    valitse nuolinäppäimellä vikasietotila
    paina enter ja enter
    valitse käyttäjätilisi
    paina kyllä

    Jossakin koneissa hakataan F8:sin sijasta F5:tä

    " Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
    " Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
    " Paina Y käynnistääksesi skriptin.
    " Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
    " Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
    " Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
    " Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
    " Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
    " Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
     
  17. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Tässä on pakko olla jotain outoa. Se tekee samaa kuin se combofix. Eli ei mitään. Vilkkuu kirjain Y. Pitääkö se mennä niin etten mä ruudussa näe mitään vai mitä mä teen väärin?
     
  18. Hujo

    Hujo Guest

    paina y ja sit enter
     
  19. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Juu hoidettu. Arvaa nolottaako?!
    Okei tein niin. Tässä raportit:


    SDFix: Version 1.169
    Run by Omistaja on 2008-04-12 at 16:08

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\nesto\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-12 16:14:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"="C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe:*:Enabled:Elisa Avustaja"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    Remaining Files :


    File Backups: - C:\nesto\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 18 Jan 2008 196 A.SHR --- "C:\BOOT.BAK"
    Wed 8 May 2002 188 ...H. --- "C:\WINDOWS\Mi1cnie1k1rn5n38.dll"
    Sat 25 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Wed 7 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Mon 19 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"

    Finished!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:30, on 2008-04-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Elisa\Avustaja\Elisa.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200645140109
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 11744 bytes

     
  20. Hujo

    Hujo Guest

    Lataa Atribunen ATF Cleaner

    Ohjeet;

    Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
    Klikkaa Empty Selected valintaa.
    Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa taas.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
    Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

     
  21. nyks

    nyks Member

    Liittynyt:
    14.01.2008
    Viestejä:
    26
    Kiitokset:
    0
    Pisteet:
    11
    Tein niinkin. Voisitko vastata vielä seuraaviin kysymyksiin:
    Onko mulla enää niitä viruksia?
    Oliko tässä kaikki?
    Kaikki nämä ohjelmat joita käytin, poistanko ne ja tarvitaessa tulen taas tänne teitä kiusamaan vai mitkä voisin jättää ja käyttää ne uudestaan siis tarvittaessa? Mihin tarkoitukseen ne on olemassa?
     

Jaa tämä sivu