
HJT log and virus problems

Thread in the Viruses and malware section. Started by H8Virus on 30.09.2005.

  1. H8Virus

    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP
    Output of all locations checked and all values found.


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    "a-squared" = ""C:\Program Files\a2\a2guard.exe"" [null data]

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
    "F-Secure Manager" = ""C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
    "F-Secure TNB" = ""C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
    "News Service" = ""C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"" ["F-Secure Corporation"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = (no title provided)
    \StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{00022613-0000-0000-C000-000000000046}" = "Multimediatiedoston ominaisuusikkuna"
    -> {CLSID}\InProcServer32\(Default) = "mmsys.cpl" [MS]
    "{176d6597-26d3-11d1-b350-080036a75b03}" = "ICM-kuvanlukijan hallinta"
    -> {CLSID}\InProcServer32\(Default) = "icmui.dll" [MS]
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "NTFS-suojaussivu"
    -> {CLSID}\InProcServer32\(Default) = "rshx32.dll" [MS]
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "OLE-asiakirjatiedoston ominaisuussivu"
    -> {CLSID}\InProcServer32\(Default) = "docprop.dll" [MS]
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Liittymälaajennus jakamista varten"
    -> {CLSID}\InProcServer32\(Default) = "ntshrui.dll" [MS]
    "{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\themeui.dll" [MS]
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Näyttösovittimen CPL-laajennus"
    -> {CLSID}\InProcServer32\(Default) = "deskadp.dll" [MS]
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Display Monitor CPL -laajennus"
    -> {CLSID}\InProcServer32\(Default) = "deskmon.dll" [MS]
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL -laajennus"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "Hakemistopalvelun suojaussivu"
    -> {CLSID}\InProcServer32\(Default) = "dssec.dll" [MS]
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Yhteensopivuussivusto"
    -> {CLSID}\InProcServer32\(Default) = "SlayerXP.dll" [MS]
    "{56117100-C0CD-101B-81E2-00AA004AE837}" = "Käyttöliittymän leikkeidenkäsittelytoiminto"
    -> {CLSID}\InProcServer32\(Default) = "shscrap.dll" [MS]
    "{59099400-57FF-11CE-BD94-0020AF85B590}" = "Levykkeen kopiointilaajennus"
    -> {CLSID}\InProcServer32\(Default) = "diskcopy.dll" [MS]
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Microsoft Windows -verkon objektien liittymälaajennukset"
    -> {CLSID}\InProcServer32\(Default) = "ntlanui2.dll" [MS]
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "ICM-näytön hallinta"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [MS]
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "ICM-tulostimen hallinta"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
    "{77597368-7b15-11d0-a0c2-080036af3f03}" = "Web-tulostimen liittymälaajennus"
    -> {CLSID}\InProcServer32\(Default) = "printui.dll" [MS]
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"
    -> {CLSID}\InProcServer32\(Default) = "dskquoui.dll" [MS]
    "{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Salkku"
    -> {CLSID}\InProcServer32\(Default) = "syncui.dll" [MS]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-kuvakkeen tunniste"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"
    -> {CLSID}\InProcServer32\(Default) = "fontext.dll" [MS]
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "ICC-profiili"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Tulostimen suojaussivu"
    -> {CLSID}\InProcServer32\(Default) = "rshx32.dll" [MS]
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Liittymälaajennus jakamista varten"
    -> {CLSID}\InProcServer32\(Default) = "ntshrui.dll" [MS]
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
    -> {CLSID}\InProcServer32\(Default) = "deskperf.dll" [MS]
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto PKO -laajennus"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto Sign -laajennus"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Verkkoyhteydet"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Verkkoyhteydet"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{905667aa-acd6-11d2-8080-00805f6596d2}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\remotepg.dll" [MS]
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wuaucpl.cpl" [MS]
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Windows Script Hostin liittymälaajennukset"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wshext.dll" [MS]
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft-tietolinkki"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\System\Ole DB\oledb32.dll" [MS]
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Ajoitetut tehtävät"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Etsi"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Ohje ja tuki"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Ohje ja tuki"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Suorita..."
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Internet"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "Sähköposti"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Fontit"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Valvontatyökalut"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Microsoft Internet-työkalurivi"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Lataamisen tila"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Augmented Shell Folder"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Etsintäpalkki"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{32683183-48a0-441b-a342-7c2a440a9478}" = "Media-palkki"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "In-pane search"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Web Search"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Registry Tree Options Utility"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Lähiosoite"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Address EditBox"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Microsoft AutoComplete"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{6756A641-DE71-11d0-831B-00AA005B4383}" = "MRU AutoComplete List"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" = "Osoitepalkin jäsentäjä"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Microsoft History AutoComplete List"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{03C036F1-A186-11D0-824A-00AA005B4383}" = "Microsoft Shell Folder AutoComplete List"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Microsoft Multiple AutoComplete List Container"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Shell Band Site Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Shell DeskBarApp"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Shell DeskBar"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "User Assist"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Global Folder Settings"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
    -> {CLSID}\InProcServer32\(Default) = "shdocvw.dll" [MS]
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{FF393560-C2A7-11CF-BFF4-444553540000}" = "Sivuhistoria"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" = "IE4 Suite Splash Screen"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" = "CDF Extension Copy Hook"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "Internet"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Explorer Band"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\sendmail.dll" [MS]
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\sendmail.dll" [MS]
    "{88C6C381-2E85-11D0-94DE-444553540000}" = "ActiveX-välimuistikansio"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS]
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" = "Subscription Mgr"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Subscription Folder"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" = "WebCheckChannelAgent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" = "TrayAgent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" = "Code Download Agent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" = "ConnectionAgent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}" = "PostAgent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" = "WebCheck SyncMgr Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Käyttöliittymän sovelluksenhallintaohjelma"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [MS]
    "{0B124F8F-91F0-11D1-B8B5-006008059382}" = "Sovellusluettelo asennettiin"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [MS]
    "{CFCCC7A0-A282-11D1-9082-006008059382}" = "Darwin App Publisher"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [MS]
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}" = "Shell Image Verbs"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" = "Shell Image Data Factory"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}" = "GDI+ -tiedoston pikkukuvan purkaja"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" = "Yhteenvetotiedot pikkukuvien käsittelystä (DOCFILES)"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}" = "HTML-pikkukuvien purkuohjelma"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" = "Shell Image Property Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" = "Ohjattu Web-julkaisutoiminto"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
    "{add36aa8-751a-4579-a266-d66f5202ccbb}" = "Valokuvien paperikopioiden tilaaminen Internetistä"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" = "Shell Publishing Wizard Object"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}" = "Ohjattu Passport toiminto"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
    "{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" = "Pakattu (zip) kansio"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [MS]
    "{BD472F60-27FA-11cf-B8B4-444553540000}" = "Compressed (zipped) Folder Right Drag Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [MS]
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" = "Compressed (zipped) Folder SendTo Target"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [MS]
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" = "Kanavatiedosto"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" = "Kanavan pikakuvake"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" = "Kanavienkäsittelyobjekti"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" = "Channel Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" = "Channel Properties"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{63da6ec0-2e98-11cf-8d82-444553540000}" = "FTP Folders Webview"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msieftp.dll" [MS]
    "{883373C3-BF89-11D1-BE35-080036B11A03}" = "Microsoft DocProp Shell Ext"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" = "Microsoft DocProp Inplace Edit Box Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{8EE97210-FD1F-4B19-91DA-67914005F020}" = "Microsoft DocProp Inplace ML Edit Box Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" = "Microsoft DocProp Inplace Droplist Combo Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}" = "Microsoft DocProp Inplace Calendar Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" = "Microsoft DocProp Inplace Time Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
    "{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsuiext.dll" [MS]
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsuiext.dll" [MS]
    "{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [MS]
    "{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [MS]
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [MS]
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Offline Files Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Offline Files Folder Options"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Offline-tiedostot-kansio"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}" = "Microsoft Agent Character Property Sheet Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\msagent\agentpsh.dll" [MS]
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" = "DfsShell"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dfsshlex.dll" [MS]
    "{60fd46de-f830-4894-a628-6fa81bc0190d}" = "%DESC_PublishDropTarget%"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\photowiz.dll" [MS]
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mmcshext.dll" [MS]
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"
    -> {CLSID}\InProcServer32\(Default) = "cabview.dll" [MS]
    "{32714800-2E5F-11d0-8B85-00AA0044F941}" = "&Henkilöitä..."
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" [MS]
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Play as Playlist Context Menu Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [MS]
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Burn Audio CD Context Menu Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [MS]
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [MS]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\a2\A2CONT~1.DLL" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Component Categories cache daemon"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = "URL Exec Hook" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "shell32.dll" [MS]
    INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

    HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\stobject.dll" [MS]

    HKCU\SOFTWARE\Microsoft\Command Processor\
    "AutoRun" = (no data)

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
    "Shell" = (no data)

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    "load" = (no data)
    "run" = (no data)

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    "Shell" = (no data)

    HKLM\SOFTWARE\Microsoft\Command Processor\
    "AutoRun" = (no data)

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    "AppInit_DLLs" = (no data)

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    "GinaDLL" = (no data)
    "Shell" = "Explorer.exe" [MS]
    "Taskman" = (no data)
    "Userinit" = "C:\WINDOWS\system32\userinit.exe," [MS]
    "System" = (value not set)

    HKLM\System\CurrentControlSet\Control\Session Manager\
    "BootExecute" = "autocheck autochk *"

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    crypt32chain\DLLName = "crypt32.dll" [MS]
    cryptnet\DLLName = "cryptnet.dll" [MS]
    cscdll\DLLName = "cscdll.dll" [MS]
    ScCertProp\DLLName = "wlnotify.dll" [MS]
    Schedule\DLLName = "wlnotify.dll" [MS]
    sclgntfy\DLLName = "sclgntfy.dll" [MS]
    SensLogn\DLLName = "WlNotify.dll" [MS]
    termsrv\DLLName = "wlnotify.dll" [MS]
    wlballoon\DLLName = "wlnotify.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
    Your Image File Name Here without a path\Debugger = "ntsd -d" [MS]

    HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\

    HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\

    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\

    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\

    HKLM\Software\Classes\PROTOCOLS\Filter\
    Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
    Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
    Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
    -> {CLSID}\InProcServer32\(Default) = "ntshrui.dll" [MS]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\a2\A2CONT~1.DLL" [null data]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


    Default executables:
    --------------------

    .BAT: HKLM\SOFTWARE\Classes\batfile\shell\open\command\
    "Default" = ""%1" %*"

    .CMD: HKLM\SOFTWARE\Classes\cmdfile\shell\open\command\
    "Default" = ""%1" %*"

    .COM: HKLM\SOFTWARE\Classes\comfile\shell\open\command\
    "Default" = ""%1" %*"

    .EXE: HKLM\SOFTWARE\Classes\exefile\shell\open\command\
    "Default" = ""%1" %*"

    .HTA: HKLM\SOFTWARE\Classes\htafile\shell\open\command\
    "Default" = "C:\WINDOWS\System32\mshta.exe "%1" %*"

    .PIF: HKLM\SOFTWARE\Classes\piffile\shell\open\command\
    "Default" = ""%1" %*"

    .SCR: HKLM\SOFTWARE\Classes\scrfile\shell\open\command\
    "Default" = ""%1" /S"


    Group Policies [Description] {enabled Group Policy setting}:
    ------------------------------------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = (value not set)


    Autostart via AUTORUN.INF on local fixed drives:
    ------------------------------------------------

    C:\
    AUTORUN.INF -> (file not found)


    DESKTOP.INI DLL launch in local fixed drive directories:
    --------------------------------------------------------

    C:\Documents and Settings\Default User\Local Settings\Sivuhistoria\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6EQ63EUS\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\C7CTMBTW\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\P7ZD1D2U\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\W1P367ZV\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8RSTCDWX\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHI1KL4N\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7ECGKOM\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRABCD\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Sivuhistoria\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\8DIN8PQ3\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\KPEZ8XAR\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\KTUB0HQF\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\W56BKXEN\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6EQ63EUS\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C7CTMBTW\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P7ZD1D2U\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1P367ZV\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\Downloaded Program Files\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={88C6C381-2E85-11d0-94DE-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS]

    C:\WINDOWS\Fonts\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={BD84B380-8CA2-1069-AB1D-08000948F534}
    -> {CLSID}\InProcServer32\(Default) = "fontext.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6EQ63EUS\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C7CTMBTW\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P7ZD1D2U\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W1P367ZV\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\Tasks\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={d6277990-4c6a-11cf-8d87-00aa0060f5bf}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]


    Startup items in "NC" & "All Users" startup folders:
    ----------------------------------------------------

    C:\Documents and Settings\NC\Käynnistä-valikko\Ohjelmat\Käynnistys

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


    Enabled Scheduled Tasks:
    ------------------------


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{01E04581-4EEE-11D0-BFE9-00AA005B4383}" = "&Lähiosoite" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{01E04581-4EEE-11D0-BFE9-00AA005B4383}" = "&Lähiosoite" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    "{0E5CBF21-D15F-11D0-8301-00AA005B4383}" = "&Linkit" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{8E718888-423F-11D2-876E-00A0C9082467}" = "&Radio" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msdxm.ocx" [MS]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48A0-441B-A342-7C2A440A9478}\ = "Media-palkki" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {4D5C8C25-D075-11D0-B416-00C04FB90376}\ = "&Päivän vihje" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{30D02401-6A81-11D0-8274-00C04FD5AE38}\ = "Etsintäpalkki"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    HKLM\Software\Classes\CLSID\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ = "Tiedostojen etsintä -Explorer-palkki"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

    HKLM\Software\Classes\CLSID\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\ = "Favorites Band"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}\ = "History Band"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}\ = "Explorer Band"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKCU\Software\Microsoft\Internet Explorer\Extensions\

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


    Internet Explorer Address Prefixes:
    -----------------------------------

    Prefix for bare domain ("domain-name-here.com")

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Default Prefix\
    (Default) = "http://"

    Prefix for specific service (i.e., "www")

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\
    "ftp" = "ftp://"
    "gopher" = "gopher://"
    "home" = "http://"
    "mosaic" = "http://"
    "www" = "http://"


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" -- no anomalies found)

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
    "NavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
    "DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
    "NavigationCanceled" = "res://shdoclc.dll/navcancl.htm" [MS]
    "OfflineInformation" = "res://shdoclc.dll/offcancl.htm" [MS]
    "Home" = 270
    "blank" = "res://mshtml.dll/blank.htm" [MS]
    "PostNotCached" = "res://mshtml.dll/repost.htm" [MS]
    "mozilla" = "res://mshtml.dll/about.moz" [MS]


    HOSTS file
    ----------

    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
    "DataBasePath" = "C:\WINDOWS\System32\drivers\etc"

    C:\WINDOWS\System32\drivers\etc\HOSTS

    maps: 2 domain names to IP addresses,
    and all are the localhost IP address


    All Running Services (Display Name, Service Name, Path {Service DLL}):
    ----------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
    Automaattiset päivitykset, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wuauserv.dll" [MS]}
    COM+-tapahtumajärjestelmä, EventSystem, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\es.dll" [MS]}
    DHCP-asiakas, Dhcp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [MS]}
    DNS-asiakas, Dnscache, "C:\WINDOWS\System32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [MS]}
    Etäkäytön (RAS) yhteyksienhallinta, RasMan, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasmans.dll" [MS]}
    Etäproseduurikutsu (RPC), RpcSs, "C:\WINDOWS\system32\svchost -k rpcss" {"C:\WINDOWS\system32\rpcss.dll" [MS]}
    Etärekisteri, RemoteRegistry, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\system32\regsvc.dll" [MS]}
    ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
    F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]
    F-Secure Gatekeeper Handler Starter, F-Secure Gatekeeper Handler Starter, ""C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe"" ["F-Secure Corp."]
    F-Secure Management Agent, FSMA, ""C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE"" ["F-Secure Corporation"]
    fsbwsys, fsbwsys, ""C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe"" ["F-Secure Corp."]
    IPSEC-palvelut, PolicyAgent, "C:\WINDOWS\System32\lsass.exe" [MS]
    Järjestelmän palauttaminen -palvelu, srservice, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srsvc.dll" [MS]}
    Järjestelmätapahtuman ilmoitus, SENS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\sens.dll" [MS]}
    Käyttöliittymän laitteistotunnistus, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
    Käyttöoikeustilien hallinta, SamSs, "C:\WINDOWS\system32\lsass.exe" [MS]
    Latauksenhallinta, uploadmgr, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
    Loogisen levyn hallinta, dmserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dmserver.dll" [MS]}
    NLA-nimiavaruus (Network Location Awareness), Nla, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" [MS]}
    Nopean käyttäjän vaihdon yhteensopivuus, FastUserSwitchingCompatibility, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
    Ohjeet ja tuotetuki, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
    Palvelin, lanmanserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [MS]}
    Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [MS]
    Puhelin, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" [MS]}
    Päätepalvelut, TermService, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\termsrv.dll" [MS]}
    Remote Access Auto Connection -hallinta, RasAuto, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasauto.dll" [MS]}
    Salauspalvelut, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [MS]}
    Sonera Tietoturva, BackWeb Plug-in - 4436233, "C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE" [null data]
    SSDP-palvelu (Simple Service Discovery Protocol), SSDPSRV, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\ssdpsrv.dll" [MS]}
    Suojattu tallennuspaikka, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [MS]
    Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
    Tapahtumaloki, Eventlog, "C:\WINDOWS\system32\services.exe" [MS]
    Taustatulostusohjain, Spooler, "C:\WINDOWS\system32\spoolsv.exe" [MS]
    TCP/IP NetBIOS Helper, LmHosts, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\lmhsvc.dll" [MS]}
    Teemat, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
    Tehtävien ajoitus, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [MS]}
    Tiedostolinkkijäljityksen asiakas, TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [MS]}
    Tietokoneiden selaus, Browser, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\browser.dll" [MS]}
    Toissijainen kirjautuminen, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [MS]}
    Työasema, lanmanworkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [MS]}
    Verkkoyhteydet, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [MS]}
    Viestinvälitys, Messenger, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\msgsvc.dll" [MS]}
    Virheraportointipalvelut, ERSvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ersvc.dll" [MS]}
    WebClient, WebClient, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [MS]}
    Windows Audio, AudioSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\audiosrv.dll" [MS]}
    Windows Time, W32Time, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\w32time.dll" [MS]}
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
    Wireless Zero Configuration, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [MS]}
    WMI-palvelu (Windows Management Instrumentation), winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [MS]}


    Keyboard Driver Filters:
    ------------------------

    HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
    "UpperFilters" = "kbdclass" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    BJ Language Monitor\Driver = "cnbjmon.dll" [MS]
    Local Port\Driver = "localspl.dll" [MS]
    PJL Language Monitor\Driver = "pjlmon.dll" [MS]
    Standard TCP/IP Port\Driver = "tcpmon.dll" [MS]
    USB Monitor\Driver = "usbmon.dll" [MS]


    -- (total run time: 63 seconds)
     
  3. ratnunter

    ratnunter Regular member

    Joined:
    09.06.2005
    Posts:
    131
    Thanks:
    0
    Points:
    26
    Hmm, that one shows only legitimate stuff too..
    Now I need to talk to the author of that fixwareout.
     
  4. ratnunter

    ratnunter Regular member

    Joined:
    09.06.2005
    Posts:
    131
    Thanks:
    0
    Points:
    26
    Let's try this.
    Open a command prompt:
    click Start > Run, type cmd and press Enter.
    At the command line, type ipconfig /flushdns
    Note that the computer must not be connected to the network when you do that.
    Then try again to remove the tick from the option
    "Obtain DNS server address automatically".
    Restart, and then post a new log as well.

    Maybe those files aren't there any more.
     
  5. H8Virus

    H8Virus Regular member

    Joined:
    30.09.2005
    Posts:
    114
    Thanks:
    0
    Points:
    26
    All right, you probably meant the Silent Runners log, here it is:

    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP
    Output of all locations checked and all values found.


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    "a-squared" = ""C:\Program Files\a2\a2guard.exe"" [null data]

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
    "F-Secure Manager" = ""C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
    "F-Secure TNB" = ""C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
    "News Service" = ""C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"" ["F-Secure Corporation"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = (no title provided)
    \StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{00022613-0000-0000-C000-000000000046}" = "Multimediatiedoston ominaisuusikkuna"
    -> {CLSID}\InProcServer32\(Default) = "mmsys.cpl" [MS]
    "{176d6597-26d3-11d1-b350-080036a75b03}" = "ICM-kuvanlukijan hallinta"
    -> {CLSID}\InProcServer32\(Default) = "icmui.dll" [MS]
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "NTFS-suojaussivu"
    -> {CLSID}\InProcServer32\(Default) = "rshx32.dll" [MS]
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "OLE-asiakirjatiedoston ominaisuussivu"
    -> {CLSID}\InProcServer32\(Default) = "docprop.dll" [MS]
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Liittymälaajennus jakamista varten"
    -> {CLSID}\InProcServer32\(Default) = "ntshrui.dll" [MS]
    "{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\themeui.dll" [MS]
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Näyttösovittimen CPL-laajennus"
    -> {CLSID}\InProcServer32\(Default) = "deskadp.dll" [MS]
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Display Monitor CPL -laajennus"
    -> {CLSID}\InProcServer32\(Default) = "deskmon.dll" [MS]
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL -laajennus"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "Hakemistopalvelun suojaussivu"
    -> {CLSID}\InProcServer32\(Default) = "dssec.dll" [MS]
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Yhteensopivuussivusto"
    -> {CLSID}\InProcServer32\(Default) = "SlayerXP.dll" [MS]
    "{56117100-C0CD-101B-81E2-00AA004AE837}" = "Käyttöliittymän leikkeidenkäsittelytoiminto"
    -> {CLSID}\InProcServer32\(Default) = "shscrap.dll" [MS]
    "{59099400-57FF-11CE-BD94-0020AF85B590}" = "Levykkeen kopiointilaajennus"
    -> {CLSID}\InProcServer32\(Default) = "diskcopy.dll" [MS]
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Microsoft Windows -verkon objektien liittymälaajennukset"
    -> {CLSID}\InProcServer32\(Default) = "ntlanui2.dll" [MS]
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "ICM-näytön hallinta"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [MS]
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "ICM-tulostimen hallinta"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
    "{77597368-7b15-11d0-a0c2-080036af3f03}" = "Web-tulostimen liittymälaajennus"
    -> {CLSID}\InProcServer32\(Default) = "printui.dll" [MS]
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"
    -> {CLSID}\InProcServer32\(Default) = "dskquoui.dll" [MS]
    "{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Salkku"
    -> {CLSID}\InProcServer32\(Default) = "syncui.dll" [MS]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-kuvakkeen tunniste"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"
    -> {CLSID}\InProcServer32\(Default) = "fontext.dll" [MS]
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "ICC-profiili"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Tulostimen suojaussivu"
    -> {CLSID}\InProcServer32\(Default) = "rshx32.dll" [MS]
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Liittymälaajennus jakamista varten"
    -> {CLSID}\InProcServer32\(Default) = "ntshrui.dll" [MS]
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
    -> {CLSID}\InProcServer32\(Default) = "deskperf.dll" [MS]
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto PKO -laajennus"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto Sign -laajennus"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Verkkoyhteydet"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Verkkoyhteydet"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{905667aa-acd6-11d2-8080-00805f6596d2}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "Skannerit ja kamerat"
    -> {CLSID}\InProcServer32\(Default) = "wiashext.dll" [MS]
    "{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\remotepg.dll" [MS]
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wuaucpl.cpl" [MS]
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Windows Script Hostin liittymälaajennukset"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wshext.dll" [MS]
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft-tietolinkki"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\System\Ole DB\oledb32.dll" [MS]
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Ajoitetut tehtävät"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Etsi"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Ohje ja tuki"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Ohje ja tuki"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Suorita..."
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Internet"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "Sähköposti"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Fontit"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Valvontatyökalut"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Microsoft Internet-työkalurivi"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Lataamisen tila"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Augmented Shell Folder"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Etsintäpalkki"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{32683183-48a0-441b-a342-7c2a440a9478}" = "Media-palkki"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "In-pane search"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Web Search"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Registry Tree Options Utility"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Lähiosoite"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Address EditBox"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Microsoft AutoComplete"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{6756A641-DE71-11d0-831B-00AA005B4383}" = "MRU AutoComplete List"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" = "Osoitepalkin jäsentäjä"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Microsoft History AutoComplete List"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{03C036F1-A186-11D0-824A-00AA005B4383}" = "Microsoft Shell Folder AutoComplete List"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Microsoft Multiple AutoComplete List Container"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Shell Band Site Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Shell DeskBarApp"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Shell DeskBar"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "User Assist"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Global Folder Settings"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
    -> {CLSID}\InProcServer32\(Default) = "shdocvw.dll" [MS]
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{FF393560-C2A7-11CF-BFF4-444553540000}" = "Sivuhistoria"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" = "IE4 Suite Splash Screen"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" = "CDF Extension Copy Hook"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "Internet"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Explorer Band"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\sendmail.dll" [MS]
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\sendmail.dll" [MS]
    "{88C6C381-2E85-11D0-94DE-444553540000}" = "ActiveX-välimuistikansio"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS]
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" = "Subscription Mgr"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Subscription Folder"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" = "WebCheckChannelAgent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" = "TrayAgent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" = "Code Download Agent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" = "ConnectionAgent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}" = "PostAgent"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" = "WebCheck SyncMgr Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Käyttöliittymän sovelluksenhallintaohjelma"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [MS]
    "{0B124F8F-91F0-11D1-B8B5-006008059382}" = "Sovellusluettelo asennettiin"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [MS]
    "{CFCCC7A0-A282-11D1-9082-006008059382}" = "Darwin App Publisher"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [MS]
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}" = "Shell Image Verbs"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" = "Shell Image Data Factory"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}" = "GDI+ -tiedoston pikkukuvan purkaja"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" = "Yhteenvetotiedot pikkukuvien käsittelystä (DOCFILES)"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}" = "HTML-pikkukuvien purkuohjelma"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" = "Shell Image Property Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" = "Ohjattu Web-julkaisutoiminto"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
    "{add36aa8-751a-4579-a266-d66f5202ccbb}" = "Valokuvien paperikopioiden tilaaminen Internetistä"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" = "Shell Publishing Wizard Object"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}" = "Ohjattu Passport toiminto"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
    "{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" = "Pakattu (zip) kansio"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [MS]
    "{BD472F60-27FA-11cf-B8B4-444553540000}" = "Compressed (zipped) Folder Right Drag Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [MS]
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" = "Compressed (zipped) Folder SendTo Target"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [MS]
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" = "Kanavatiedosto"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" = "Kanavan pikakuvake"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" = "Kanavienkäsittelyobjekti"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" = "Channel Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" = "Channel Properties"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
    "{63da6ec0-2e98-11cf-8d82-444553540000}" = "FTP Folders Webview"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msieftp.dll" [MS]
    "{883373C3-BF89-11D1-BE35-080036B11A03}" = "Microsoft DocProp Shell Ext"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" = "Microsoft DocProp Inplace Edit Box Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{8EE97210-FD1F-4B19-91DA-67914005F020}" = "Microsoft DocProp Inplace ML Edit Box Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" = "Microsoft DocProp Inplace Droplist Combo Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}" = "Microsoft DocProp Inplace Calendar Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" = "Microsoft DocProp Inplace Time Control"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
    "{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsuiext.dll" [MS]
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dsuiext.dll" [MS]
    "{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [MS]
    "{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [MS]
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [MS]
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Offline Files Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Offline Files Folder Options"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Offline-tiedostot-kansio"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}" = "Microsoft Agent Character Property Sheet Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\msagent\agentpsh.dll" [MS]
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" = "DfsShell"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\dfsshlex.dll" [MS]
    "{60fd46de-f830-4894-a628-6fa81bc0190d}" = "%DESC_PublishDropTarget%"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\photowiz.dll" [MS]
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mmcshext.dll" [MS]
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"
    -> {CLSID}\InProcServer32\(Default) = "cabview.dll" [MS]
    "{32714800-2E5F-11d0-8B85-00AA0044F941}" = "&Henkilöitä..."
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" [MS]
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Play as Playlist Context Menu Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [MS]
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Burn Audio CD Context Menu Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [MS]
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [MS]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\a2\A2CONT~1.DLL" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Component Categories cache daemon"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = "URL Exec Hook" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "shell32.dll" [MS]
    INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

    HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
    "SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\stobject.dll" [MS]

    HKCU\SOFTWARE\Microsoft\Command Processor\
    "AutoRun" = (no data)

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
    "Shell" = (no data)

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    "load" = (no data)
    "run" = (no data)

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    "Shell" = (no data)

    HKLM\SOFTWARE\Microsoft\Command Processor\
    "AutoRun" = (no data)

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    "AppInit_DLLs" = (no data)

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    "GinaDLL" = (no data)
    "Shell" = "Explorer.exe" [MS]
    "Taskman" = (no data)
    "Userinit" = "C:\WINDOWS\system32\userinit.exe," [MS]
    "System" = (value not set)

    HKLM\System\CurrentControlSet\Control\Session Manager\
    "BootExecute" = "autocheck autochk *"

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    crypt32chain\DLLName = "crypt32.dll" [MS]
    cryptnet\DLLName = "cryptnet.dll" [MS]
    cscdll\DLLName = "cscdll.dll" [MS]
    ScCertProp\DLLName = "wlnotify.dll" [MS]
    Schedule\DLLName = "wlnotify.dll" [MS]
    sclgntfy\DLLName = "sclgntfy.dll" [MS]
    SensLogn\DLLName = "WlNotify.dll" [MS]
    termsrv\DLLName = "wlnotify.dll" [MS]
    wlballoon\DLLName = "wlnotify.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
    Your Image File Name Here without a path\Debugger = "ntsd -d" [MS]

    HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\

    HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\

    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\

    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\

    HKLM\Software\Classes\PROTOCOLS\Filter\
    Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
    Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
    Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
    -> {CLSID}\InProcServer32\(Default) = "ntshrui.dll" [MS]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\a2\A2CONT~1.DLL" [null data]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


    Default executables:
    --------------------

    .BAT: HKLM\SOFTWARE\Classes\batfile\shell\open\command\
    "Default" = ""%1" %*"

    .CMD: HKLM\SOFTWARE\Classes\cmdfile\shell\open\command\
    "Default" = ""%1" %*"

    .COM: HKLM\SOFTWARE\Classes\comfile\shell\open\command\
    "Default" = ""%1" %*"

    .EXE: HKLM\SOFTWARE\Classes\exefile\shell\open\command\
    "Default" = ""%1" %*"

    .HTA: HKLM\SOFTWARE\Classes\htafile\shell\open\command\
    "Default" = "C:\WINDOWS\System32\mshta.exe "%1" %*"

    .PIF: HKLM\SOFTWARE\Classes\piffile\shell\open\command\
    "Default" = ""%1" %*"

    .SCR: HKLM\SOFTWARE\Classes\scrfile\shell\open\command\
    "Default" = ""%1" /S"


    Group Policies [Description] {enabled Group Policy setting}:
    ------------------------------------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = (value not set)


    Autostart via AUTORUN.INF on local fixed drives:
    ------------------------------------------------

    C:\
    AUTORUN.INF -> (file not found)


    DESKTOP.INI DLL launch in local fixed drive directories:
    --------------------------------------------------------

    C:\Documents and Settings\Default User\Local Settings\Sivuhistoria\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6EQ63EUS\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\C7CTMBTW\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\P7ZD1D2U\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\W1P367ZV\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8RSTCDWX\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHI1KL4N\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7ECGKOM\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRABCD\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Sivuhistoria\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\8DIN8PQ3\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\KPEZ8XAR\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\KTUB0HQF\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NC\Local Settings\Temporary Internet Files\Content.IE5\W56BKXEN\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6EQ63EUS\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C7CTMBTW\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P7ZD1D2U\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1P367ZV\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\Downloaded Program Files\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={88C6C381-2E85-11d0-94DE-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS]

    C:\WINDOWS\Fonts\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={BD84B380-8CA2-1069-AB1D-08000948F534}
    -> {CLSID}\InProcServer32\(Default) = "fontext.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6EQ63EUS\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C7CTMBTW\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P7ZD1D2U\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W1P367ZV\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    C:\WINDOWS\Tasks\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={d6277990-4c6a-11cf-8d87-00aa0060f5bf}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]


    Startup items in "NC" & "All Users" startup folders:
    ----------------------------------------------------

    C:\Documents and Settings\NC\Käynnistä-valikko\Ohjelmat\Käynnistys

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


    Enabled Scheduled Tasks:
    ------------------------


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{01E04581-4EEE-11D0-BFE9-00AA005B4383}" = "&Lähiosoite" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{01E04581-4EEE-11D0-BFE9-00AA005B4383}" = "&Lähiosoite" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    "{0E5CBF21-D15F-11D0-8301-00AA005B4383}" = "&Linkit" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{8E718888-423F-11D2-876E-00A0C9082467}" = "&Radio" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msdxm.ocx" [MS]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48A0-441B-A342-7C2A440A9478}\ = "Media-palkki" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {4D5C8C25-D075-11D0-B416-00C04FB90376}\ = "&Päivän vihje" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{30D02401-6A81-11D0-8274-00C04FD5AE38}\ = "Etsintäpalkki"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    HKLM\Software\Classes\CLSID\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ = "Tiedostojen etsintä -Explorer-palkki"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

    HKLM\Software\Classes\CLSID\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\ = "Favorites Band"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}\ = "History Band"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}\ = "Explorer Band"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKCU\Software\Microsoft\Internet Explorer\Extensions\

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


    Internet Explorer Address Prefixes:
    -----------------------------------

    Prefix for bare domain ("domain-name-here.com")

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Default Prefix\
    (Default) = "http://"

    Prefix for specific service (i.e., "www")

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\
    "ftp" = "ftp://"
    "gopher" = "gopher://"
    "home" = "http://"
    "mosaic" = "http://"
    "www" = "http://"


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" -- no anomalies found)

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
    "NavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
    "DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
    "NavigationCanceled" = "res://shdoclc.dll/navcancl.htm" [MS]
    "OfflineInformation" = "res://shdoclc.dll/offcancl.htm" [MS]
    "Home" = 270
    "blank" = "res://mshtml.dll/blank.htm" [MS]
    "PostNotCached" = "res://mshtml.dll/repost.htm" [MS]
    "mozilla" = "res://mshtml.dll/about.moz" [MS]


    HOSTS file
    ----------

    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
    "DataBasePath" = "C:\WINDOWS\System32\drivers\etc"

    C:\WINDOWS\System32\drivers\etc\HOSTS

    maps: 2 domain names to IP addresses,
    and all are the localhost IP address


    All Running Services (Display Name, Service Name, Path {Service DLL}):
    ----------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
    Automaattiset päivitykset, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wuauserv.dll" [MS]}
    COM+-tapahtumajärjestelmä, EventSystem, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\es.dll" [MS]}
    DHCP-asiakas, Dhcp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [MS]}
    DNS-asiakas, Dnscache, "C:\WINDOWS\System32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [MS]}
    Etäkäytön (RAS) yhteyksienhallinta, RasMan, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasmans.dll" [MS]}
    Etäproseduurikutsu (RPC), RpcSs, "C:\WINDOWS\system32\svchost -k rpcss" {"C:\WINDOWS\system32\rpcss.dll" [MS]}
    Etärekisteri, RemoteRegistry, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\system32\regsvc.dll" [MS]}
    ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
    F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]
    F-Secure Gatekeeper Handler Starter, F-Secure Gatekeeper Handler Starter, ""C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe"" ["F-Secure Corp."]
    F-Secure Management Agent, FSMA, ""C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE"" ["F-Secure Corporation"]
    fsbwsys, fsbwsys, ""C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe"" ["F-Secure Corp."]
    IPSEC-palvelut, PolicyAgent, "C:\WINDOWS\System32\lsass.exe" [MS]
    Järjestelmän palauttaminen -palvelu, srservice, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srsvc.dll" [MS]}
    Järjestelmätapahtuman ilmoitus, SENS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\sens.dll" [MS]}
    Käyttöliittymän laitteistotunnistus, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
    Käyttöoikeustilien hallinta, SamSs, "C:\WINDOWS\system32\lsass.exe" [MS]
    Latauksenhallinta, uploadmgr, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
    Loogisen levyn hallinta, dmserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dmserver.dll" [MS]}
    NLA-nimiavaruus (Network Location Awareness), Nla, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" [MS]}
    Nopean käyttäjän vaihdon yhteensopivuus, FastUserSwitchingCompatibility, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
    Ohjeet ja tuotetuki, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
    Palvelin, lanmanserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [MS]}
    Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [MS]
    Puhelin, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" [MS]}
    Päätepalvelut, TermService, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\termsrv.dll" [MS]}
    Remote Access Auto Connection -hallinta, RasAuto, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasauto.dll" [MS]}
    Salauspalvelut, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [MS]}
    Sonera Tietoturva, BackWeb Plug-in - 4436233, "C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE" [null data]
    SSDP-palvelu (Simple Service Discovery Protocol), SSDPSRV, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\ssdpsrv.dll" [MS]}
    Suojattu tallennuspaikka, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [MS]
    Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
    Tapahtumaloki, Eventlog, "C:\WINDOWS\system32\services.exe" [MS]
    Taustatulostusohjain, Spooler, "C:\WINDOWS\system32\spoolsv.exe" [MS]
    TCP/IP NetBIOS Helper, LmHosts, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\lmhsvc.dll" [MS]}
    Teemat, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
    Tehtävien ajoitus, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [MS]}
    Tiedostolinkkijäljityksen asiakas, TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [MS]}
    Tietokoneiden selaus, Browser, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\browser.dll" [MS]}
    Toissijainen kirjautuminen, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [MS]}
    Työasema, lanmanworkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [MS]}
    Verkkoyhteydet, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [MS]}
    Viestinvälitys, Messenger, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\msgsvc.dll" [MS]}
    Virheraportointipalvelut, ERSvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ersvc.dll" [MS]}
    WebClient, WebClient, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [MS]}
    Windows Audio, AudioSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\audiosrv.dll" [MS]}
    Windows Time, W32Time, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\w32time.dll" [MS]}
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
    Wireless Zero Configuration, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [MS]}
    WMI-palvelu (Windows Management Instrumentation), winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [MS]}


    Keyboard Driver Filters:
    ------------------------

    HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
    "UpperFilters" = "kbdclass" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    BJ Language Monitor\Driver = "cnbjmon.dll" [MS]
    Local Port\Driver = "localspl.dll" [MS]
    PJL Language Monitor\Driver = "pjlmon.dll" [MS]
    Standard TCP/IP Port\Driver = "tcpmon.dll" [MS]
    USB Monitor\Driver = "usbmon.dll" [MS]


    -- (total run time: 65 seconds)
     
  6. ratnunter

    ratnunter Regular member

    Joined:
    09.06.2005
    Posts:
    131
    Thanks:
    0
    Points:
    26
    Sorry, I meant the HijackThis log ;)

    Is that O17 line still in it?
     
  7. H8Virus

    H8Virus Regular member

    Joined:
    30.09.2005
    Posts:
    114
    Thanks:
    0
    Points:
    26
    Yeah, that line is still there. Or was I supposed to try to fix it?

    Logfile of HijackThis v1.99.1
    Scan saved at 16:38:03, on 11.10.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
    C:\Program Files\a2\a2guard.exe
    C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\Program Files\Sonera Tietoturva\FSGUI\fsguiexe.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/telkku.cgi?n=Necrox&s=117102098102096111106&
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122916311764
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37350.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD20828F-D2A6-46A4-BE12-2CB38C6E8ADD}: NameServer = 193.210.19.19 193.210.18.18
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Unknown owner - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

     
  8. Zipp2

    Zipp2 Regular member

    Joined:
    30.09.2005
    Posts:
    376
    Thanks:
    0
    Points:
    26
    Excellent... the O17 line is fine, finally.
     
  9. H8Virus

    H8Virus Regular member

    Joined:
    30.09.2005
    Posts:
    114
    Thanks:
    0
    Points:
    26
    Wait, what? That line is still there.
     
  10. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    It is, but those are the IP addresses of Sonera's name servers, so it's OK (i.e. not the same ones that were there before, of which at least the first (69.50.161.132) pointed to the States).

    EDIT: so, now: O17 - HKLM\System\CCS\Services\Tcpip\..\{CD20828F-D2A6-46A4-BE12-2CB38C6E8ADD}: NameServer = 193.210.19.19 193.210.18.18

    before: O17 - HKLM\System\CCS\Services\Tcpip\..\{CD20828F-D2A6-46A4-BE12-2CB38C6E8ADD}: NameServer = 69.50.161.132 85.255.112.15
     
    Last edited: 11.10.2005
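
The before/after comparison of the O17 line in the post above can be automated. This is an added example, not part of the original thread: it parses O17 NameServer entries from a HijackThis log and reports any resolver that is not on an allowlist. The allowlist holds the two Sonera addresses named in the thread, and the function names and the comma-separated test case are assumptions made for illustration.

```python
import ipaddress
import re

# O17 line layout as it appears in the thread:
#   O17 - <registry key>: <value name> = <data>
O17_RE = re.compile(
    r"^\s*O17\s+-\s+(?P<key>HK\S+?):\s*(?P<value>\w+)\s*=\s*(?P<data>.*)$"
)

# Resolvers the thread identifies as the ISP's (Sonera) name servers.
EXPECTED = {ipaddress.ip_address(a) for a in ("193.210.19.19", "193.210.18.18")}

# Lines copied from the thread: the log before and after the cleanup.
BEFORE = r"""
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD20828F-D2A6-46A4-BE12-2CB38C6E8ADD}: NameServer = 69.50.161.132 85.255.112.15
"""
AFTER = r"""
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD20828F-D2A6-46A4-BE12-2CB38C6E8ADD}: NameServer = 193.210.19.19 193.210.18.18
"""

def parse_o17(log_text):
    """Return [(registry_key, [resolver tokens])] for O17 NameServer lines."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if m and m.group("value").lower() == "nameserver":
            # The registry value may be space- or comma-separated.
            tokens = [t for t in re.split(r"[,\s]+", m.group("data").strip()) if t]
            entries.append((m.group("key"), tokens))
    return entries

def unexpected_resolvers(log_text, expected=EXPECTED):
    """Return [(registry_key, resolver)] for every resolver not allowlisted."""
    findings = []
    for key, tokens in parse_o17(log_text):
        for tok in tokens:
            try:
                ok = ipaddress.ip_address(tok) in expected
            except ValueError:
                ok = False  # not an IP literal at all: report it too
            if not ok:
                findings.append((key, tok))
    return findings

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, unexpected_resolvers(log) or "all resolvers expected")
```
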
  11. H8Virus

    H8Virus Regular member

    Joined:
    30.09.2005
    Posts:
    114
    Thanks:
    0
    Points:
    26
    That goes a bit over my head, but I suppose it's fine then if you say so, thanks.
     
  12. ratnunter

    ratnunter Regular member

    Joined:
    09.06.2005
    Posts:
    131
    Thanks:
    0
    Points:
    26
    So the earlier DNS was Atrivo Technologies, one of the worst distributors of CWS. Great that it worked out.

    Simplifying a little, you could say that the pest hijacked your internet connection over to America (in practice, of course, to Russia).
     
  13. H8Virus

    H8Virus Regular member

    Joined:
    30.09.2005
    Posts:
    114
    Thanks:
    0
    Points:
    26
    Understood, and thanks again. This thread can be deleted then.
     
