eli kone sammuilee ja yli määräisiä projekteja syntyy tyhjästä.. Logfile of HijackThis v1.99.1 Scan saved at 0:31:29, on 28.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ULI5289\ALi5289.exe C:\Program Files\ULI5289\JMAP5289.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\MediaGateway\MediaGateway.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\WINDOWS\System32\dmidhu.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\dmidhu.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Documents and Settings\allu\Työpöytä\Logs\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - Default URLSearchHook is missing O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe O4 - HKLM\..\Run: [NIW\] C:\windows\mrjj.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [dmidhu] C:\WINDOWS\System32\dmidhu.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\RunOnce: [dmidhu] C:\WINDOWS\System32\dmidhu.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.popuppers.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\gp48l3hu1.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
ja tässä uus loki... Logfile of HijackThis v1.99.1 Scan saved at 1:21:53, on 28.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ULI5289\ALi5289.exe C:\Program Files\ULI5289\JMAP5289.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\MediaGateway\MediaGateway.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\dmidhu.exe C:\WINDOWS\System32\dmidhu.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\allu\Työpöytä\Logs\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - Default URLSearchHook is missing O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe O4 - HKLM\..\Run: [NIW\] C:\windows\mrjj.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [dmidhu] C:\WINDOWS\System32\dmidhu.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\RunOnce: [dmidhu] C:\WINDOWS\System32\dmidhu.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\hr0805due.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe netti toimii välillä, ihme pop uppeja ilmestyy melkien kokoajan... prosesseja edelleenkin liikaa... kun vaan tietäis mitä poistaa?????
ja uusi loki... tavaraa on poistettu, mutta onkelma ei ole ratkennut=( Logfile of HijackThis v1.99.1 Scan saved at 8:41:20, on 28.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\ULI5289\ALi5289.exe C:\Program Files\ULI5289\JMAP5289.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\MediaGateway\MediaGateway.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\allu\Työpöytä\DCPlusPlus.exe C:\Program Files\Registry Clean Expert\RCScheduler.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Documents and Settings\allu\Työpöytä\Logs\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - Default URLSearchHook is missing O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [dmidhu] C:\WINDOWS\System32\dmidhu.exe O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup O4 - HKCU\..\RunOnce: [dmidhu] C:\WINDOWS\System32\dmidhu.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\jt4u07h9e.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Jaaha, olet vissiin jo vähän itekin fixannut Siirrä HjT [bold]omaan[/bold] kansioonsa -> C:\HjT\HijackThis.exe Poista lisää/poista sovellus-kohdasta: Media Gateway Fixaa nämä (do a system scan only, merkkaa ja paina fix checked): R3 - Default URLSearchHook is missing O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing) O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe O4 - HKCU\..\Run: [dmidhu] C:\WINDOWS\System32\dmidhu.exe O4 - HKCU\..\RunOnce: [dmidhu] C:\WINDOWS\System32\dmidhu.exe O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing) Sitten käynnistä -> suorita -> services.msc. Etsi listalta NetDDE Server, tuplaklikkaa, paina seis ja valitse käynnistymistavaksi "ei käytössä" Laita piilotiedostot näkyviin, ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/248944 Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista: C:\Program Files\E2G\==>IeBHOs.dll<== C:\Program Files\==>MediaGateway<== C:\WINDOWS\System32\==>dmidhu.exe<== C:\WINDOWS\System32\==>netddesrv.exe<== Käynnistä uudestaan. Hae täältä -> http://www.atribune.org/downloads/l2mfix.exe l2mfix ja tallenna työpöydälle. Tuplaklikkaa sitä ja klikkaa install. Avaa l2mfix -kansio työpöydältä ja tuplaklikkaa l2mfix.bat ja valitse #1 painamalla 1 ja enter(ÄLÄ tee vielä mitään muuta!!). Kopioi se loki ja lähetä tänne. Lähetä myös uusi HjT-loki.
tein kaiken ja tässä loki.. L2MFIX find log 1.99 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] "Logoff"="NavLogoffEvent" "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll" "StartShell"="NavStartShellEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\t68ulgl916q.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access LUOJA-OMISTAJA ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto" "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"="" "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"="" "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"="" "{48A7FC0E-5187-429F-859D-9AA62B84E658}"="" "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"="" "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"="" "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions" "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"="" "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"="" "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"="" "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"="" "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"="" "{42E89400-7921-401B-BC49-5FB3F219C34C}"="" "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"="" "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"="" "{AA8F64C8-8B7B-4717-9A09-43998B958896}"="" "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"="" "{826295B6-8FE4-413C-ABFE-68F75599DC43}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32] @="C:\\WINDOWS\\system32\\rfvpmsg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32] @="C:\\WINDOWS\\system32\\ofbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32] @="C:\\WINDOWS\\system32\\dbmasf.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32] @="C:\\WINDOWS\\system32\\dWdxof.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32] @="C:\\WINDOWS\\system32\\mkcbase.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32] @="C:\\WINDOWS\\system32\\smxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32] @="C:\\WINDOWS\\system32\\mjvcp60.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32] @="C:\\WINDOWS\\system32\\ndxpnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32] @="C:\\WINDOWS\\system32\\ljc32vc0.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32] @="C:\\WINDOWS\\system32\\uercoina.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32] @="C:\\WINDOWS\\system32\\okbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32] @="C:\\WINDOWS\\system32\\oypdx32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32] @="C:\\WINDOWS\\system32\\sfxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32] @="C:\\WINDOWS\\system32\\omexl32.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K e2jmlc~1.dll Mon 28 Nov 2005 10.11.34 ..S.R 233 683 228,20 K t68ulg~1.dll Mon 28 Nov 2005 10.11.22 ..S.R 234 241 228,75 K vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K __dele~1.dll Mon 28 Nov 2005 10.16.36 A.... 234 241 228,75 K 13 items found: 13 files (2 H/S), 0 directories. Total of file sizes: 1 968 237 bytes 1,88 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Mon 28 Nov 2005 10.16.52 A.... 234 985 229,48 K 1 item found: 1 file, 0 directories. Total of file sizes: 234 985 bytes 229,48 K ********************************************************************************** Directory Listing of system files: Asemalla C ei ole nime„. Aseman sarjanumero on 7C49-36F0 Kansio C:\WINDOWS\System32 28.11.2005 10:11 233ÿ683 e2jmlc111f.dll 28.11.2005 10:11 234ÿ241 t68ulgl916q.dll 28.11.2005 07:48 <KANSIO> dllcache 27.07.2005 13:30 <KANSIO> Microsoft 2 tiedosto(a) 467ÿ924 tavua 2 kansio(ta) 87ÿ322ÿ423ÿ296 tavua vapaana
Se uus HjT-loki olis ollu kans kiva saada, mut lähetä se sitten tän jälkeen. Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen. Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa. Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.
eli eli..... L2MFIX find log 1.99 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] "Logoff"="NavLogoffEvent" "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll" "StartShell"="NavStartShellEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\t68ulgl916q.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access LUOJA-OMISTAJA ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto" "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"="" "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"="" "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"="" "{48A7FC0E-5187-429F-859D-9AA62B84E658}"="" "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"="" "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"="" "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions" "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"="" "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"="" "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"="" "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"="" "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"="" "{42E89400-7921-401B-BC49-5FB3F219C34C}"="" "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"="" "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"="" "{AA8F64C8-8B7B-4717-9A09-43998B958896}"="" "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"="" "{826295B6-8FE4-413C-ABFE-68F75599DC43}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32] @="C:\\WINDOWS\\system32\\rfvpmsg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32] @="C:\\WINDOWS\\system32\\ofbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32] @="C:\\WINDOWS\\system32\\dbmasf.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32] @="C:\\WINDOWS\\system32\\dWdxof.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32] @="C:\\WINDOWS\\system32\\mkcbase.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32] @="C:\\WINDOWS\\system32\\smxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32] @="C:\\WINDOWS\\system32\\mjvcp60.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32] @="C:\\WINDOWS\\system32\\ndxpnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32] @="C:\\WINDOWS\\system32\\ljc32vc0.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32] @="C:\\WINDOWS\\system32\\uercoina.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32] @="C:\\WINDOWS\\system32\\okbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32] @="C:\\WINDOWS\\system32\\oypdx32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32] @="C:\\WINDOWS\\system32\\sfxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32] @="C:\\WINDOWS\\system32\\omexl32.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K e2jmlc~1.dll Mon 28 Nov 2005 10.11.34 ..S.R 233 683 228,20 K t68ulg~1.dll Mon 28 Nov 2005 10.11.22 ..S.R 234 241 228,75 K vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K __dele~1.dll Mon 28 Nov 2005 10.16.36 A.... 234 241 228,75 K 13 items found: 13 files (2 H/S), 0 directories. Total of file sizes: 1 968 237 bytes 1,88 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Mon 28 Nov 2005 10.16.52 A.... 234 985 229,48 K 1 item found: 1 file, 0 directories. Total of file sizes: 234 985 bytes 229,48 K ********************************************************************************** Directory Listing of system files: Asemalla C ei ole nime„. Aseman sarjanumero on 7C49-36F0 Kansio C:\WINDOWS\System32 28.11.2005 10:11 233ÿ683 e2jmlc111f.dll 28.11.2005 10:11 234ÿ241 t68ulgl916q.dll 28.11.2005 07:48 <KANSIO> dllcache 27.07.2005 13:30 <KANSIO> Microsoft 2 tiedosto(a) 467ÿ924 tavua 2 kansio(ta) 87ÿ322ÿ423ÿ296 tavua vapaana ja sitten hijack...... Logfile of HijackThis v1.99.1 Scan saved at 10:41:24, on 28.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\ULI5289\ALi5289.exe C:\Program Files\ULI5289\JMAP5289.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\Registry Clean Expert\RCScheduler.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\t68ulgl916q.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
prosesseja mulla ole enne tätä "hyökkäystä" 24 normaalisti,mut nyt oon kyllä imuroinu kaikenlaista pöpöjen karkotinta netistä...
Toi on valitettavasti väärä l2m-loki(sama kun se eka) :/ Eikö se avannut mitään uutta lokia muistioon? Kokeiles uudestaan tehdä se option 2-juttu vaikka avaamalla se l2mfix-kansio ja tuplaklikkaamalla second.bat Jollei auta, niin sitten asia pitää tehdä vähän toisella tavalla.
se ei pysty suorittamaan sitä toimintoa.. se sanoo"shell.reg:ei voi tuoda.järjestelmässä voi olla levyvirhe tai tiedostojärjestelmävirhe apua!!!!
Selvä. Yritetään toisella tavalla. Hae spysweeper -> http://www.webroot.com/consumer/products/spysweeper/ Asenna ja päivitä se. Käynnistä sitten vikasietotilaan ja skannaa sillä siellä. Anna poistaa mitä löytää. Käynnistä normaalisti. Yritä sitten tehdä se l2mfix optiolla 2. Lähetä myös uusi HjT-loki.
ei onnistu vieläkään... vaikka tein kuten käskit... täällä on vielä joku troijalainen ja spywareta vaikka muille jakaa=)
tässä olis uus loki Logfile of HijackThis v1.99.1 Scan saved at 14:30:59, on 28.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\ULI5289\ALi5289.exe C:\Program Files\ULI5289\JMAP5289.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\Registry Clean Expert\RCScheduler.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\dn4401hqe.dll (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ajapas seuraavaks se l2mfix sillä optiolla 1 Ja fixaa tämä HjT:llä: O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\dn4401hqe.dll (file missing) Käynnistä uudelleen, lähetä uusi HjT-loki ja se l2m-loki.
tässä olis... L2MFIX find log 1.99 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] "Logoff"="NavLogoffEvent" "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll" "StartShell"="NavStartShellEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access LUOJA-OMISTAJA ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto" "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"="" "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"="" "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"="" "{48A7FC0E-5187-429F-859D-9AA62B84E658}"="" "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"="" "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"="" "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions" "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"="" "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"="" "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"="" "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"="" "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"="" "{42E89400-7921-401B-BC49-5FB3F219C34C}"="" "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"="" "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"="" "{AA8F64C8-8B7B-4717-9A09-43998B958896}"="" "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"="" "{826295B6-8FE4-413C-ABFE-68F75599DC43}"="" "{655436C4-E4A5-4E51-B617-ACC50FE1677A}"="" "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32] @="C:\\WINDOWS\\system32\\rfvpmsg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32] @="C:\\WINDOWS\\system32\\ofbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32] @="C:\\WINDOWS\\system32\\dbmasf.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32] @="C:\\WINDOWS\\system32\\dWdxof.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32] @="C:\\WINDOWS\\system32\\mkcbase.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32] @="C:\\WINDOWS\\system32\\smxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32] @="C:\\WINDOWS\\system32\\mjvcp60.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32] @="C:\\WINDOWS\\system32\\ndxpnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32] @="C:\\WINDOWS\\system32\\ljc32vc0.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32] @="C:\\WINDOWS\\system32\\uercoina.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32] @="C:\\WINDOWS\\system32\\okbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32] @="C:\\WINDOWS\\system32\\oypdx32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32] @="C:\\WINDOWS\\system32\\sfxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32] @="C:\\WINDOWS\\system32\\nfmsapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\InprocServer32] @="C:\\WINDOWS\\system32\\lmbmp13n.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K c0000a~1.dll Mon 28 Nov 2005 10.16.52 ..S.R 234 985 229,48 K e2jmlc~1.dll Mon 28 Nov 2005 10.11.34 ..S.R 233 683 228,20 K l4p2le~1.dll Mon 28 Nov 2005 13.51.32 ..S.R 235 324 229,81 K t68u0g~1.dll Mon 28 Nov 2005 10.38.08 ..S.R 235 227 229,71 K vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K __dele~1.dll Mon 28 Nov 2005 10.16.36 A.... 234 241 228,75 K 15 items found: 15 files (4 H/S), 0 directories. Total of file sizes: 2 439 532 bytes 2,32 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Mon 28 Nov 2005 14.12.02 ..S.R 235 441 229,92 K 1 item found: 1 file (1 H/S), 0 directories. Total of file sizes: 235 441 bytes 229,92 K ********************************************************************************** Directory Listing of system files: Asemalla C ei ole nime„. Aseman sarjanumero on 7C49-36F0 Kansio C:\WINDOWS\System32 28.11.2005 14:12 235ÿ441 guard.tmp 28.11.2005 13:51 235ÿ324 l4p2le7o1h.dll 28.11.2005 10:38 235ÿ227 t68u0gl9e6q.dll 28.11.2005 10:16 234ÿ985 c0000admed0a0.dll 28.11.2005 10:11 233ÿ683 e2jmlc111f.dll 28.11.2005 07:48 <KANSIO> dllcache 27.07.2005 13:30 <KANSIO> Microsoft 5 tiedosto(a) 1ÿ174ÿ660 tavua 2 kansio(ta) 87ÿ275ÿ257ÿ856 tavua vapaana ja...... Logfile of HijackThis v1.99.1 Scan saved at 15:29:35, on 28.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\ULI5289\ALi5289.exe C:\Program Files\ULI5289\JMAP5289.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\Registry Clean Expert\RCScheduler.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
mä unohdin käynnistää koneen... joten tässä olis nyt sitten uudet lokit.... L2MFIX find log 1.99 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] "Logoff"="NavLogoffEvent" "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll" "StartShell"="NavStartShellEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access LUOJA-OMISTAJA ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto" "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"="" "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"="" "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"="" "{48A7FC0E-5187-429F-859D-9AA62B84E658}"="" "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"="" "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"="" "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions" "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"="" "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"="" "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"="" "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"="" "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"="" "{42E89400-7921-401B-BC49-5FB3F219C34C}"="" "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"="" "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"="" "{AA8F64C8-8B7B-4717-9A09-43998B958896}"="" "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"="" "{826295B6-8FE4-413C-ABFE-68F75599DC43}"="" "{655436C4-E4A5-4E51-B617-ACC50FE1677A}"="" "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32] @="C:\\WINDOWS\\system32\\rfvpmsg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32] @="C:\\WINDOWS\\system32\\ofbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32] @="C:\\WINDOWS\\system32\\dbmasf.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32] @="C:\\WINDOWS\\system32\\dWdxof.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32] @="C:\\WINDOWS\\system32\\mkcbase.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32] @="C:\\WINDOWS\\system32\\smxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32] @="C:\\WINDOWS\\system32\\mjvcp60.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32] @="C:\\WINDOWS\\system32\\ndxpnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32] @="C:\\WINDOWS\\system32\\ljc32vc0.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32] @="C:\\WINDOWS\\system32\\uercoina.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32] @="C:\\WINDOWS\\system32\\okbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32] @="C:\\WINDOWS\\system32\\oypdx32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32] @="C:\\WINDOWS\\system32\\sfxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32] @="C:\\WINDOWS\\system32\\nfmsapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\InprocServer32] @="C:\\WINDOWS\\system32\\lmbmp13n.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K c0000a~1.dll Mon 28 Nov 2005 10.16.52 ..S.R 234 985 229,48 K e2jmlc~1.dll Mon 28 Nov 2005 10.11.34 ..S.R 233 683 228,20 K l4p2le~1.dll Mon 28 Nov 2005 13.51.32 ..S.R 235 324 229,81 K t68u0g~1.dll Mon 28 Nov 2005 10.38.08 ..S.R 235 227 229,71 K vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K __dele~1.dll Mon 28 Nov 2005 10.16.36 A.... 234 241 228,75 K 15 items found: 15 files (4 H/S), 0 directories. Total of file sizes: 2 439 532 bytes 2,32 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Mon 28 Nov 2005 14.12.02 ..S.R 235 441 229,92 K 1 item found: 1 file (1 H/S), 0 directories. Total of file sizes: 235 441 bytes 229,92 K ********************************************************************************** Directory Listing of system files: Asemalla C ei ole nime„. Aseman sarjanumero on 7C49-36F0 Kansio C:\WINDOWS\System32 28.11.2005 14:12 235ÿ441 guard.tmp 28.11.2005 13:51 235ÿ324 l4p2le7o1h.dll 28.11.2005 10:38 235ÿ227 t68u0gl9e6q.dll 28.11.2005 10:16 234ÿ985 c0000admed0a0.dll 28.11.2005 10:11 233ÿ683 e2jmlc111f.dll 28.11.2005 07:48 <KANSIO> dllcache 27.07.2005 13:30 <KANSIO> Microsoft 5 tiedosto(a) 1ÿ174ÿ660 tavua 2 kansio(ta) 87ÿ263ÿ571ÿ968 tavua vapaana ja.... Logfile of HijackThis v1.99.1 Scan saved at 15:37:23, on 28.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\ULI5289\ALi5289.exe C:\Program Files\ULI5289\JMAP5289.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\Registry Clean Expert\RCScheduler.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
L2m-örkkejä on vielä, eivät ole vaan aktiivisena. Tehdääs näin: Hae KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip Pura,avaa ja täppi kohtaan Delete on Reboot Sitte kopioi rivit tosta alapuolelta yhellä kertaa C:\Windows\System32\guard.tmp C:\Windows\System32\l4p2le7o1h.dll C:\Windows\System32\t68u0gl9e6q.dll C:\Windows\System32\c0000admed0a0.dll C:\Windows\System32\e2jmlc111f.dll Sitten KillBoxissa ylhäältä File > Paste from Clipboard Sen jälkeen paina Delete (punainen, jossa on valkonen X) Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se. Päivitä ewido. Käynnistä kone vikasietotilaan Skannaa ewidolla ja anna poistaa, mitä löytää. Tallenna ewidon raportti. Käynnistä normaalisti. Aja l2mfix optiolla 1 Lähetä ewidon raportti, uusi HjT-loki ja uusi l2mfix-loki.
no niin... ewido security suite - Scan report --------------------------------------------------------- + Created on: 18:48:50, 28.11.2005 + Report-Checksum: 66FE2532 + Scan result: C:\!KillBox\guard.tmp -> Spyware.Look2Me : Cleaned with backup C:\Documents and Settings\allu\Cookies\allu@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\WINDOWS\system32\c0000admed0a0.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\e2jmlc111f.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\l4p2le7o1h.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\t68u0gl9e6q.dll -> Spyware.Look2Me : Cleaned with backup C:\WINDOWS\system32\__delete_on_reboot__omexl32.dllj -> Spyware.Look2Me : Cleaned with backup ::Report End ja.... Logfile of HijackThis v1.99.1 Scan saved at 18:55:12, on 28.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\ULI5289\ALi5289.exe C:\Program Files\ULI5289\JMAP5289.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\Registry Clean Expert\RCScheduler.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ja vielä.... L2MFIX find log 1.99 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] "Logoff"="NavLogoffEvent" "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll" "StartShell"="NavStartShellEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access LUOJA-OMISTAJA ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto" "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"="" "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"="" "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"="" "{48A7FC0E-5187-429F-859D-9AA62B84E658}"="" "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"="" "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"="" "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions" "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"="" "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"="" "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"="" "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"="" "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"="" "{42E89400-7921-401B-BC49-5FB3F219C34C}"="" "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"="" "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"="" "{AA8F64C8-8B7B-4717-9A09-43998B958896}"="" "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"="" "{826295B6-8FE4-413C-ABFE-68F75599DC43}"="" "{655436C4-E4A5-4E51-B617-ACC50FE1677A}"="" "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32] @="C:\\WINDOWS\\system32\\rfvpmsg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32] @="C:\\WINDOWS\\system32\\ofbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32] @="C:\\WINDOWS\\system32\\dbmasf.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32] @="C:\\WINDOWS\\system32\\dWdxof.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32] @="C:\\WINDOWS\\system32\\mkcbase.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32] @="C:\\WINDOWS\\system32\\smxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32] @="C:\\WINDOWS\\system32\\mjvcp60.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32] @="C:\\WINDOWS\\system32\\ndxpnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32] @="C:\\WINDOWS\\system32\\ljc32vc0.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32] @="C:\\WINDOWS\\system32\\uercoina.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32] @="C:\\WINDOWS\\system32\\okbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32] @="C:\\WINDOWS\\system32\\oypdx32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32] @="C:\\WINDOWS\\system32\\sfxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32] @="C:\\WINDOWS\\system32\\nfmsapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\InprocServer32] @="C:\\WINDOWS\\system32\\lmbmp13n.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K 10 items found: 10 files, 0 directories. Total of file sizes: 1 266 072 bytes 1,21 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Asemalla C ei ole nime„. Aseman sarjanumero on 7C49-36F0 Kansio C:\WINDOWS\System32 28.11.2005 07:48 <KANSIO> dllcache 27.07.2005 13:30 <KANSIO> Microsoft 0 tiedosto(a) 0 tavua 2 kansio(ta) 87ÿ215ÿ665ÿ152 tavua vapaana tossa olis noi raportit...