hjt loki...

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi albertto 27.11.2005.

  1. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    eli kone sammuilee ja yli määräisiä projekteja syntyy tyhjästä..

    Logfile of HijackThis v1.99.1
    Scan saved at 0:31:29, on 28.11.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\ULI5289\JMAP5289.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\MediaGateway\MediaGateway.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\WINDOWS\System32\dmidhu.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\dmidhu.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Documents and Settings\allu\Työpöytä\Logs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
    O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
    O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKLM\..\Run: [NIW\] C:\windows\mrjj.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [dmidhu] C:\WINDOWS\System32\dmidhu.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\RunOnce: [dmidhu] C:\WINDOWS\System32\dmidhu.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\gp48l3hu1.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     
  2.  
  3. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    ja tässä uus loki...


    Logfile of HijackThis v1.99.1
    Scan saved at 1:21:53, on 28.11.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\ULI5289\JMAP5289.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\MediaGateway\MediaGateway.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\dmidhu.exe
    C:\WINDOWS\System32\dmidhu.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\allu\Työpöytä\Logs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
    O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
    O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKLM\..\Run: [NIW\] C:\windows\mrjj.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [dmidhu] C:\WINDOWS\System32\dmidhu.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\RunOnce: [dmidhu] C:\WINDOWS\System32\dmidhu.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\hr0805due.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    netti toimii välillä, ihme pop uppeja ilmestyy melkien kokoajan... prosesseja edelleenkin liikaa... kun vaan tietäis mitä poistaa?????
     
  4. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    ja uusi loki... tavaraa on poistettu, mutta onkelma ei ole ratkennut=(


    Logfile of HijackThis v1.99.1
    Scan saved at 8:41:20, on 28.11.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\ULI5289\JMAP5289.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\MediaGateway\MediaGateway.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\allu\Työpöytä\DCPlusPlus.exe
    C:\Program Files\Registry Clean Expert\RCScheduler.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Documents and Settings\allu\Työpöytä\Logs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [dmidhu] C:\WINDOWS\System32\dmidhu.exe
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
    O4 - HKCU\..\RunOnce: [dmidhu] C:\WINDOWS\System32\dmidhu.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\jt4u07h9e.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  5. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Jaaha, olet vissiin jo vähän itekin fixannut ;)

    Siirrä HjT [bold]omaan[/bold] kansioonsa -> C:\HjT\HijackThis.exe

    Poista lisää/poista sovellus-kohdasta:

    Media Gateway

    Fixaa nämä (do a system scan only, merkkaa ja paina fix checked):

    R3 - Default URLSearchHook is missing
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKCU\..\Run: [dmidhu] C:\WINDOWS\System32\dmidhu.exe
    O4 - HKCU\..\RunOnce: [dmidhu] C:\WINDOWS\System32\dmidhu.exe
    O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)

    Sitten käynnistä -> suorita -> services.msc. Etsi listalta NetDDE Server, tuplaklikkaa, paina seis ja valitse käynnistymistavaksi "ei käytössä"

    Laita piilotiedostot näkyviin, ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:

    C:\Program Files\E2G\==>IeBHOs.dll<==
    C:\Program Files\==>MediaGateway<==
    C:\WINDOWS\System32\==>dmidhu.exe<==
    C:\WINDOWS\System32\==>netddesrv.exe<==

    Käynnistä uudestaan.

    Hae täältä -> http://www.atribune.org/downloads/l2mfix.exe l2mfix ja tallenna työpöydälle. Tuplaklikkaa sitä ja klikkaa install. Avaa l2mfix -kansio työpöydältä ja tuplaklikkaa l2mfix.bat ja valitse #1 painamalla 1 ja enter(ÄLÄ tee vielä mitään muuta!!). Kopioi se loki ja lähetä tänne. Lähetä myös uusi HjT-loki.

     
  6. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    tein kaiken ja tässä loki..

    L2MFIX find log 1.99
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    "Logoff"="NavLogoffEvent"
    "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll"
    "StartShell"="NavStartShellEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\t68ulgl916q.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access LUOJA-OMISTAJA


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
    "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"=""
    "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"=""
    "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"=""
    "{48A7FC0E-5187-429F-859D-9AA62B84E658}"=""
    "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"=""
    "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"=""
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
    "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"=""
    "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"=""
    "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"=""
    "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"=""
    "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"=""
    "{42E89400-7921-401B-BC49-5FB3F219C34C}"=""
    "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"=""
    "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"=""
    "{AA8F64C8-8B7B-4717-9A09-43998B958896}"=""
    "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"=""
    "{826295B6-8FE4-413C-ABFE-68F75599DC43}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rfvpmsg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ofbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dbmasf.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dWdxof.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mkcbase.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32]
    @="C:\\WINDOWS\\system32\\smxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mjvcp60.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ndxpnt.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ljc32vc0.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uercoina.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\okbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oypdx32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sfxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32]
    @="C:\\WINDOWS\\system32\\omexl32.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K
    e2jmlc~1.dll Mon 28 Nov 2005 10.11.34 ..S.R 233 683 228,20 K
    t68ulg~1.dll Mon 28 Nov 2005 10.11.22 ..S.R 234 241 228,75 K
    vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K
    vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K
    vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K
    vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K
    vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K
    vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K
    vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K
    zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K
    zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K
    __dele~1.dll Mon 28 Nov 2005 10.16.36 A.... 234 241 228,75 K

    13 items found: 13 files (2 H/S), 0 directories.
    Total of file sizes: 1 968 237 bytes 1,88 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Mon 28 Nov 2005 10.16.52 A.... 234 985 229,48 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 234 985 bytes 229,48 K
    **********************************************************************************
    Directory Listing of system files:
    Asemalla C ei ole nime„.
    Aseman sarjanumero on 7C49-36F0

    Kansio C:\WINDOWS\System32

    28.11.2005 10:11 233ÿ683 e2jmlc111f.dll
    28.11.2005 10:11 234ÿ241 t68ulgl916q.dll
    28.11.2005 07:48 <KANSIO> dllcache
    27.07.2005 13:30 <KANSIO> Microsoft
    2 tiedosto(a) 467ÿ924 tavua
    2 kansio(ta) 87ÿ322ÿ423ÿ296 tavua vapaana
     
  7. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Se uus HjT-loki olis ollu kans kiva saada, mut lähetä se sitten tän jälkeen.

    Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen.

    Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa.

    Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.
     
  8. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    eli eli.....


    L2MFIX find log 1.99
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    "Logoff"="NavLogoffEvent"
    "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll"
    "StartShell"="NavStartShellEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\t68ulgl916q.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access LUOJA-OMISTAJA


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
    "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"=""
    "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"=""
    "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"=""
    "{48A7FC0E-5187-429F-859D-9AA62B84E658}"=""
    "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"=""
    "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"=""
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
    "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"=""
    "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"=""
    "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"=""
    "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"=""
    "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"=""
    "{42E89400-7921-401B-BC49-5FB3F219C34C}"=""
    "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"=""
    "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"=""
    "{AA8F64C8-8B7B-4717-9A09-43998B958896}"=""
    "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"=""
    "{826295B6-8FE4-413C-ABFE-68F75599DC43}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rfvpmsg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ofbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dbmasf.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dWdxof.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mkcbase.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32]
    @="C:\\WINDOWS\\system32\\smxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mjvcp60.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ndxpnt.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ljc32vc0.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uercoina.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\okbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oypdx32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sfxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32]
    @="C:\\WINDOWS\\system32\\omexl32.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K
    e2jmlc~1.dll Mon 28 Nov 2005 10.11.34 ..S.R 233 683 228,20 K
    t68ulg~1.dll Mon 28 Nov 2005 10.11.22 ..S.R 234 241 228,75 K
    vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K
    vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K
    vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K
    vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K
    vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K
    vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K
    vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K
    zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K
    zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K
    __dele~1.dll Mon 28 Nov 2005 10.16.36 A.... 234 241 228,75 K

    13 items found: 13 files (2 H/S), 0 directories.
    Total of file sizes: 1 968 237 bytes 1,88 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Mon 28 Nov 2005 10.16.52 A.... 234 985 229,48 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 234 985 bytes 229,48 K
    **********************************************************************************
    Directory Listing of system files:
    Asemalla C ei ole nime„.
    Aseman sarjanumero on 7C49-36F0

    Kansio C:\WINDOWS\System32

    28.11.2005 10:11 233ÿ683 e2jmlc111f.dll
    28.11.2005 10:11 234ÿ241 t68ulgl916q.dll
    28.11.2005 07:48 <KANSIO> dllcache
    27.07.2005 13:30 <KANSIO> Microsoft
    2 tiedosto(a) 467ÿ924 tavua
    2 kansio(ta) 87ÿ322ÿ423ÿ296 tavua vapaana


    ja sitten hijack......




    Logfile of HijackThis v1.99.1
    Scan saved at 10:41:24, on 28.11.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\ULI5289\JMAP5289.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Registry Clean Expert\RCScheduler.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\t68ulgl916q.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  9. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    prosesseja mulla ole enne tätä "hyökkäystä" 24 normaalisti,mut nyt oon kyllä imuroinu kaikenlaista pöpöjen karkotinta netistä...
     
  10. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Toi on valitettavasti väärä l2m-loki(sama kun se eka) :/ Eikö se avannut mitään uutta lokia muistioon?

    Kokeiles uudestaan tehdä se option 2-juttu vaikka avaamalla se l2mfix-kansio ja tuplaklikkaamalla second.bat

    Jollei auta, niin sitten asia pitää tehdä vähän toisella tavalla.
     
  11. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    se ei pysty suorittamaan sitä toimintoa.. se sanoo"shell.reg:ei voi tuoda.järjestelmässä voi olla levyvirhe tai tiedostojärjestelmävirhe


    apua!!!!
     
  12. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Selvä. Yritetään toisella tavalla.

    Hae spysweeper -> http://www.webroot.com/consumer/products/spysweeper/
    Asenna ja päivitä se.

    Käynnistä sitten vikasietotilaan ja skannaa sillä siellä. Anna poistaa mitä löytää. Käynnistä normaalisti. Yritä sitten tehdä se l2mfix optiolla 2. Lähetä myös uusi HjT-loki.
     
  13. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    ei onnistu vieläkään... vaikka tein kuten käskit... täällä on vielä joku troijalainen ja spywareta vaikka muille jakaa=)
     
  14. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    tässä olis uus loki

    Logfile of HijackThis v1.99.1
    Scan saved at 14:30:59, on 28.11.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\ULI5289\JMAP5289.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Registry Clean Expert\RCScheduler.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\dn4401hqe.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  15. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Ajapas seuraavaks se l2mfix sillä optiolla 1

    Ja fixaa tämä HjT:llä:

    O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\dn4401hqe.dll (file missing)

    Käynnistä uudelleen, lähetä uusi HjT-loki ja se l2m-loki.
     
  16. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    tässä olis...


    L2MFIX find log 1.99
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    "Logoff"="NavLogoffEvent"
    "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll"
    "StartShell"="NavStartShellEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
    "Asynchronous"=dword:00000000
    "DllName"="WRLogonNTF.dll"
    "Impersonate"=dword:00000001
    "Lock"="WRLock"
    "StartScreenSaver"="WRStartScreenSaver"
    "StartShell"="WRStartShell"
    "Startup"="WRStartup"
    "StopScreenSaver"="WRStopScreenSaver"
    "Unlock"="WRUnlock"
    "Shutdown"="WRShutdown"
    "Logoff"="WRLogoff"
    "Logon"="WRLogon"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access LUOJA-OMISTAJA


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
    "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"=""
    "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"=""
    "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"=""
    "{48A7FC0E-5187-429F-859D-9AA62B84E658}"=""
    "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"=""
    "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"=""
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
    "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"=""
    "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"=""
    "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"=""
    "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"=""
    "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"=""
    "{42E89400-7921-401B-BC49-5FB3F219C34C}"=""
    "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"=""
    "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"=""
    "{AA8F64C8-8B7B-4717-9A09-43998B958896}"=""
    "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"=""
    "{826295B6-8FE4-413C-ABFE-68F75599DC43}"=""
    "{655436C4-E4A5-4E51-B617-ACC50FE1677A}"=""
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rfvpmsg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ofbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dbmasf.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dWdxof.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mkcbase.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32]
    @="C:\\WINDOWS\\system32\\smxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mjvcp60.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ndxpnt.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ljc32vc0.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uercoina.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\okbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oypdx32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sfxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nfmsapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\lmbmp13n.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K
    c0000a~1.dll Mon 28 Nov 2005 10.16.52 ..S.R 234 985 229,48 K
    e2jmlc~1.dll Mon 28 Nov 2005 10.11.34 ..S.R 233 683 228,20 K
    l4p2le~1.dll Mon 28 Nov 2005 13.51.32 ..S.R 235 324 229,81 K
    t68u0g~1.dll Mon 28 Nov 2005 10.38.08 ..S.R 235 227 229,71 K
    vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K
    vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K
    vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K
    vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K
    vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K
    vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K
    vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K
    zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K
    zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K
    __dele~1.dll Mon 28 Nov 2005 10.16.36 A.... 234 241 228,75 K

    15 items found: 15 files (4 H/S), 0 directories.
    Total of file sizes: 2 439 532 bytes 2,32 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Mon 28 Nov 2005 14.12.02 ..S.R 235 441 229,92 K

    1 item found: 1 file (1 H/S), 0 directories.
    Total of file sizes: 235 441 bytes 229,92 K
    **********************************************************************************
    Directory Listing of system files:
    Asemalla C ei ole nime„.
    Aseman sarjanumero on 7C49-36F0

    Kansio C:\WINDOWS\System32

    28.11.2005 14:12 235ÿ441 guard.tmp
    28.11.2005 13:51 235ÿ324 l4p2le7o1h.dll
    28.11.2005 10:38 235ÿ227 t68u0gl9e6q.dll
    28.11.2005 10:16 234ÿ985 c0000admed0a0.dll
    28.11.2005 10:11 233ÿ683 e2jmlc111f.dll
    28.11.2005 07:48 <KANSIO> dllcache
    27.07.2005 13:30 <KANSIO> Microsoft
    5 tiedosto(a) 1ÿ174ÿ660 tavua
    2 kansio(ta) 87ÿ275ÿ257ÿ856 tavua vapaana



    ja......




    Logfile of HijackThis v1.99.1
    Scan saved at 15:29:35, on 28.11.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\ULI5289\JMAP5289.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Registry Clean Expert\RCScheduler.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  17. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    mä unohdin käynnistää koneen... joten tässä olis nyt sitten uudet lokit....


    L2MFIX find log 1.99
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    "Logoff"="NavLogoffEvent"
    "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll"
    "StartShell"="NavStartShellEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
    "Asynchronous"=dword:00000000
    "DllName"="WRLogonNTF.dll"
    "Impersonate"=dword:00000001
    "Lock"="WRLock"
    "StartScreenSaver"="WRStartScreenSaver"
    "StartShell"="WRStartShell"
    "Startup"="WRStartup"
    "StopScreenSaver"="WRStopScreenSaver"
    "Unlock"="WRUnlock"
    "Shutdown"="WRShutdown"
    "Logoff"="WRLogoff"
    "Logon"="WRLogon"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access LUOJA-OMISTAJA


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
    "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"=""
    "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"=""
    "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"=""
    "{48A7FC0E-5187-429F-859D-9AA62B84E658}"=""
    "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"=""
    "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"=""
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
    "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"=""
    "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"=""
    "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"=""
    "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"=""
    "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"=""
    "{42E89400-7921-401B-BC49-5FB3F219C34C}"=""
    "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"=""
    "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"=""
    "{AA8F64C8-8B7B-4717-9A09-43998B958896}"=""
    "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"=""
    "{826295B6-8FE4-413C-ABFE-68F75599DC43}"=""
    "{655436C4-E4A5-4E51-B617-ACC50FE1677A}"=""
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rfvpmsg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ofbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dbmasf.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dWdxof.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mkcbase.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32]
    @="C:\\WINDOWS\\system32\\smxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mjvcp60.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ndxpnt.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ljc32vc0.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uercoina.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\okbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oypdx32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sfxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nfmsapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\lmbmp13n.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K
    c0000a~1.dll Mon 28 Nov 2005 10.16.52 ..S.R 234 985 229,48 K
    e2jmlc~1.dll Mon 28 Nov 2005 10.11.34 ..S.R 233 683 228,20 K
    l4p2le~1.dll Mon 28 Nov 2005 13.51.32 ..S.R 235 324 229,81 K
    t68u0g~1.dll Mon 28 Nov 2005 10.38.08 ..S.R 235 227 229,71 K
    vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K
    vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K
    vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K
    vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K
    vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K
    vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K
    vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K
    zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K
    zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K
    __dele~1.dll Mon 28 Nov 2005 10.16.36 A.... 234 241 228,75 K

    15 items found: 15 files (4 H/S), 0 directories.
    Total of file sizes: 2 439 532 bytes 2,32 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Mon 28 Nov 2005 14.12.02 ..S.R 235 441 229,92 K

    1 item found: 1 file (1 H/S), 0 directories.
    Total of file sizes: 235 441 bytes 229,92 K
    **********************************************************************************
    Directory Listing of system files:
    Asemalla C ei ole nime„.
    Aseman sarjanumero on 7C49-36F0

    Kansio C:\WINDOWS\System32

    28.11.2005 14:12 235ÿ441 guard.tmp
    28.11.2005 13:51 235ÿ324 l4p2le7o1h.dll
    28.11.2005 10:38 235ÿ227 t68u0gl9e6q.dll
    28.11.2005 10:16 234ÿ985 c0000admed0a0.dll
    28.11.2005 10:11 233ÿ683 e2jmlc111f.dll
    28.11.2005 07:48 <KANSIO> dllcache
    27.07.2005 13:30 <KANSIO> Microsoft
    5 tiedosto(a) 1ÿ174ÿ660 tavua
    2 kansio(ta) 87ÿ263ÿ571ÿ968 tavua vapaana



    ja....



    Logfile of HijackThis v1.99.1
    Scan saved at 15:37:23, on 28.11.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\ULI5289\JMAP5289.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Registry Clean Expert\RCScheduler.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


     
  18. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    L2m-örkkejä on vielä, eivät ole vaan aktiivisena.

    Tehdääs näin:

    Hae KillBox

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Pura,avaa ja täppi kohtaan Delete on Reboot
    Sitte kopioi rivit tosta alapuolelta yhellä kertaa

    C:\Windows\System32\guard.tmp
    C:\Windows\System32\l4p2le7o1h.dll
    C:\Windows\System32\t68u0gl9e6q.dll
    C:\Windows\System32\c0000admed0a0.dll
    C:\Windows\System32\e2jmlc111f.dll

    Sitten KillBoxissa ylhäältä File > Paste from Clipboard
    Sen jälkeen paina Delete (punainen, jossa on valkonen X)
    Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.

    Päivitä ewido.

    Käynnistä kone vikasietotilaan

    Skannaa ewidolla ja anna poistaa, mitä löytää. Tallenna ewidon raportti.

    Käynnistä normaalisti. Aja l2mfix optiolla 1

    Lähetä ewidon raportti, uusi HjT-loki ja uusi l2mfix-loki.
     
    Viimeksi muokattu: 28.11.2005
  19. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    ewido sanoo et, ei päivitystä saatavilla... teen nyt sen kaiken muun.. ootas
     
  20. albertto

    albertto Member

    Liittynyt:
    23.03.2005
    Viestejä:
    63
    Kiitokset:
    0
    Pisteet:
    16
    no niin...

    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 18:48:50, 28.11.2005
    + Report-Checksum: 66FE2532

    + Scan result:

    C:\!KillBox\guard.tmp -> Spyware.Look2Me : Cleaned with backup
    C:\Documents and Settings\allu\Cookies\allu@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\WINDOWS\system32\c0000admed0a0.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\e2jmlc111f.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\l4p2le7o1h.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\t68u0gl9e6q.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\__delete_on_reboot__omexl32.dllj -> Spyware.Look2Me : Cleaned with backup


    ::Report End


    ja....



    Logfile of HijackThis v1.99.1
    Scan saved at 18:55:12, on 28.11.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\ULI5289\JMAP5289.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Registry Clean Expert\RCScheduler.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122481745233
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    ja vielä....



    L2MFIX find log 1.99
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    "Logoff"="NavLogoffEvent"
    "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll"
    "StartShell"="NavStartShellEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
    "Asynchronous"=dword:00000000
    "DllName"="WRLogonNTF.dll"
    "Impersonate"=dword:00000001
    "Lock"="WRLock"
    "StartScreenSaver"="WRStartScreenSaver"
    "StartShell"="WRStartShell"
    "Startup"="WRStartup"
    "StopScreenSaver"="WRStopScreenSaver"
    "Unlock"="WRUnlock"
    "Shutdown"="WRShutdown"
    "Logoff"="WRLogoff"
    "Logon"="WRLogon"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access LUOJA-OMISTAJA


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
    "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"=""
    "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"=""
    "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"=""
    "{48A7FC0E-5187-429F-859D-9AA62B84E658}"=""
    "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"=""
    "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"=""
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
    "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"=""
    "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"=""
    "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"=""
    "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"=""
    "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"=""
    "{42E89400-7921-401B-BC49-5FB3F219C34C}"=""
    "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"=""
    "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"=""
    "{AA8F64C8-8B7B-4717-9A09-43998B958896}"=""
    "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"=""
    "{826295B6-8FE4-413C-ABFE-68F75599DC43}"=""
    "{655436C4-E4A5-4E51-B617-ACC50FE1677A}"=""
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rfvpmsg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ofbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dbmasf.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dWdxof.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mkcbase.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32]
    @="C:\\WINDOWS\\system32\\smxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mjvcp60.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ndxpnt.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ljc32vc0.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uercoina.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\okbcint.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oypdx32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sfxcoins.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nfmsapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\lmbmp13n.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K
    vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K
    vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K
    vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K
    vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K
    vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K
    vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K
    vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K
    zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K
    zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K

    10 items found: 10 files, 0 directories.
    Total of file sizes: 1 266 072 bytes 1,21 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Asemalla C ei ole nime„.
    Aseman sarjanumero on 7C49-36F0

    Kansio C:\WINDOWS\System32

    28.11.2005 07:48 <KANSIO> dllcache
    27.07.2005 13:30 <KANSIO> Microsoft
    0 tiedosto(a) 0 tavua
    2 kansio(ta) 87ÿ215ÿ665ÿ152 tavua vapaana

    tossa olis noi raportit...
     
  21. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Nyt näyttää hyvältä :) Yritäs vielä ajaa se l2mfix option 2:sella, kun noi l2m-tiedostot on pois.
     

Jaa tämä sivu