Ok. Kopioi alla oleva teksti ja tallenna se nimellä fix.reg työpöydälle (tallennusmuoto kaikki tiedostot). Sitten tuplaklikkaa sitä ja paina kyllä ja ok. Lähetä sitten l2mfix option 1:llä REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"=""
ok tässä olis... L2MFIX find log 1.99 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] "Logoff"="NavLogoffEvent" "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll" "StartShell"="NavStartShellEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access LUOJA-OMISTAJA ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto" "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"="" "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"="" "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"="" "{48A7FC0E-5187-429F-859D-9AA62B84E658}"="" "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"="" "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"="" "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions" "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"="" "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"="" "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"="" "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"="" "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"="" "{42E89400-7921-401B-BC49-5FB3F219C34C}"="" "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"="" "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"="" "{AA8F64C8-8B7B-4717-9A09-43998B958896}"="" "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"="" "{826295B6-8FE4-413C-ABFE-68F75599DC43}"="" "{655436C4-E4A5-4E51-B617-ACC50FE1677A}"="" "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32] @="C:\\WINDOWS\\system32\\rfvpmsg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32] @="C:\\WINDOWS\\system32\\ofbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32] @="C:\\WINDOWS\\system32\\dbmasf.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32] @="C:\\WINDOWS\\system32\\dWdxof.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32] @="C:\\WINDOWS\\system32\\mkcbase.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32] @="C:\\WINDOWS\\system32\\smxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32] @="C:\\WINDOWS\\system32\\mjvcp60.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32] @="C:\\WINDOWS\\system32\\ndxpnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32] @="C:\\WINDOWS\\system32\\ljc32vc0.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32] @="C:\\WINDOWS\\system32\\uercoina.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32] @="C:\\WINDOWS\\system32\\okbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32] @="C:\\WINDOWS\\system32\\oypdx32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32] @="C:\\WINDOWS\\system32\\sfxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32] @="C:\\WINDOWS\\system32\\nfmsapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\InprocServer32] @="C:\\WINDOWS\\system32\\lmbmp13n.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K 10 items found: 10 files, 0 directories. Total of file sizes: 1 266 072 bytes 1,21 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Asemalla C ei ole nime„. Aseman sarjanumero on 7C49-36F0 Kansio C:\WINDOWS\System32 28.11.2005 07:48 <KANSIO> dllcache 27.07.2005 13:30 <KANSIO> Microsoft 0 tiedosto(a) 0 tavua 2 kansio(ta) 87ÿ212ÿ457ÿ984 tavua vapaana
Ei toiminu. Yritäs uudestaan. Tallenna tuo ja tee kuten edellä ja lähetä sitten vielä uusi l2mfix option 1:llä. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"=""
joo kokeilen uudestaan.. tällasia löytää toi symantec: Scan type: Auto-Protect Scan Event: Threat Found! Threat: Backdoor.Sdbot File: C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027234.exe Location: C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159 Computer: ALLU-QPXEF5WQSG User: SYSTEM Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied Date found: 29. marraskuuta 2005 13:03:27 Scan type: Auto-Protect Scan Event: Threat Found! Threat: W32.Bleshare File: C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027239.exe Location: Quarantine Computer: ALLU-QPXEF5WQSG User: SYSTEM Action taken: Quarantine succeeded : Access denied Date found: 29. marraskuuta 2005 13:18:31 Scan type: Auto-Protect Scan Event: Threat Found! Threat: W32.Linkbot.M File: C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027364.exe Location: C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159 Computer: ALLU-QPXEF5WQSG User: SYSTEM Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied Date found: 29. marraskuuta 2005 15:48:33
tossa olis... L2MFIX find log 1.99 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] "Logoff"="NavLogoffEvent" "DllName"="C:\\WINDOWS\\System32\\NavLogon.dll" "StartShell"="NavStartShellEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access LUOJA-OMISTAJA ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{C52160B0-9EDF-1D11-1ED5-643434566CB4}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto" "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{916C8406-FC1B-40BF-AA9C-5869D4761F88}"="" "{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"="" "{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"="" "{48A7FC0E-5187-429F-859D-9AA62B84E658}"="" "{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"="" "{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"="" "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions" "{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"="" "{099A3150-A10E-42D6-BE7E-566FA64F2F28}"="" "{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"="" "{C53E313C-0413-42B4-BC49-F61C9596F9FF}"="" "{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"="" "{42E89400-7921-401B-BC49-5FB3F219C34C}"="" "{48C3EC2A-484C-463A-8440-BABEBDD2630C}"="" "{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"="" "{AA8F64C8-8B7B-4717-9A09-43998B958896}"="" "{2185FB55-309A-4B7C-9C77-98A3089FAA03}"="" "{826295B6-8FE4-413C-ABFE-68F75599DC43}"="" "{655436C4-E4A5-4E51-B617-ACC50FE1677A}"="" "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32] @="C:\\WINDOWS\\system32\\rfvpmsg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32] @="C:\\WINDOWS\\system32\\ofbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32] @="C:\\WINDOWS\\system32\\dbmasf.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32] @="C:\\WINDOWS\\system32\\dWdxof.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32] @="C:\\WINDOWS\\system32\\mkcbase.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32] @="C:\\WINDOWS\\system32\\smxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32] @="C:\\WINDOWS\\system32\\mjvcp60.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32] @="C:\\WINDOWS\\system32\\ndxpnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32] @="C:\\WINDOWS\\system32\\ljc32vc0.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32] @="C:\\WINDOWS\\system32\\uercoina.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32] @="C:\\WINDOWS\\system32\\okbcint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32] @="C:\\WINDOWS\\system32\\oypdx32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32] @="C:\\WINDOWS\\system32\\sfxcoins.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32] @="C:\\WINDOWS\\system32\\nfmsapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\InprocServer32] @="C:\\WINDOWS\\system32\\lmbmp13n.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K 10 items found: 10 files, 0 directories. Total of file sizes: 1 266 072 bytes 1,21 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Asemalla C ei ole nime„. Aseman sarjanumero on 7C49-36F0 Kansio C:\WINDOWS\System32 28.11.2005 07:48 <KANSIO> dllcache 27.07.2005 13:30 <KANSIO> Microsoft 0 tiedosto(a) 0 tavua 2 kansio(ta) 87ÿ188ÿ705ÿ280 tavua vapaana
Noi on kaikki järjestelmän palautus-kansiossa eli ei suurta hätää. Saat ne pois sieltä vaikka eScanilla -> http://koti.mbnet.fi/pattaya1/escanmwav.htm . Ohjeet löytyy tuolta sivulta. Lähetä sitten tänne "örkkitulokset" (ohje sivulla, alin kuva ja sen yläpuolella oleva teksti). Sen voit tehdä vaikka tuon l2mfixin jälkeen.
Nyt toimii linkki, sori. Ei tuo lähde millään pois, niin saa olla. Ei ole kuitenkaan kun rekisteriavain.
Ole hyvä. Jos vielä viitsit skannata tolla eScanilla(kun korjasin linkinkin ja laittaa tulokset tänne, niin olis hyvä
Tuo on hieman väärä loki, näyttää mitä se scannas. Se alempi laatikko siinä eScannissa pitää tänne postata! Todelliseksi örkkipesäksi paljastu kuitenkin kone. Poista tämä edellinen väärä eScannin loki. Tilalle laita: C juuressa olevasta Kasperskyn kansiosta mwXface tiedoston sisältö.
tässä [0x00000f2c] 29/11/2005 17:22:47:983 :[msvLclnt.dll]ModuleName = C:\Kaspersky\mwavscan.com [0x00000f2c] 29/11/2005 17:22:47:983 :[msvLclnt.dll]WARNING!!! "Autokey" Not Found [0x00000f2c] 29/11/2005 17:22:49:389 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400): [0x00000f2c] 29/11/2005 17:22:49:389 :[msvLclnt.dll]Mode ACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN [0x00000f2c] 29/11/2005 17:22:49:389 :[msvLclnt.dll]TimeOut : ffffffff [0x00000f2c] 29/11/2005 17:22:49:405 :[msvLclnt.dll]Priority : NORMAL [0x00000f2c] 29/11/2005 17:22:49:874 :[msvLclnt.dll]VirusCount = 160792 Latest Date = 2005/11/21 [0x00000d24] 29/11/2005 17:32:55:936 :[msvLclnt.dll]ModuleName = C:\Kaspersky\mwavscan.com [0x00000d24] 29/11/2005 17:32:55:936 :[msvLclnt.dll]Registry Key Deleted Properly!!! [0x00000d24] 29/11/2005 17:32:56:655 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400): [0x00000d24] 29/11/2005 17:32:56:655 :[msvLclnt.dll]Mode ACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN [0x00000d24] 29/11/2005 17:32:56:655 :[msvLclnt.dll]TimeOut : ffffffff [0x00000d24] 29/11/2005 17:32:56:655 :[msvLclnt.dll]Priority : NORMAL [0x00000d24] 29/11/2005 17:32:56:936 :[msvLclnt.dll]VirusCount = 162144 Latest Date = 2005/11/29 [0x000002e0] 29/11/2005 17:38:40:952 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80000.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:10:124 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80000.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:10:218 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80001.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:10:249 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80001.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:10:327 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80002.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:10:343 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80002.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:10:421 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80003.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:10:436 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80003.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:10:530 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80004.VBN infected by Backdoor.Win32.Codbot.bd [0x000002e0] 29/11/2005 19:48:10:577 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80004.VBN infected by Backdoor.Win32.Codbot.bd [0x000002e0] 29/11/2005 19:48:11:218 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80005.VBN infected by Backdoor.Win32.PoeBot.b [0x000002e0] 29/11/2005 19:48:11:327 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80005.VBN infected by Backdoor.Win32.PoeBot.b [0x000002e0] 29/11/2005 19:48:11:577 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80006.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:11:702 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80006.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:11:764 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80007.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:11:780 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80007.VBN infected by Trojan.Win32.LowZones.cq [0x000002e0] 29/11/2005 19:48:11:874 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03780000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:11:921 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03780000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:11:999 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03780001.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:12:030 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03780001.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:12:296 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03C80000.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:12:405 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03C80000.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:12:671 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\040C0000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:12:702 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\040C0000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:12:780 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:12:811 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:12:983 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40001.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:13:108 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40001.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:13:202 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40002.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:13:233 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40002.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:13:296 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40003.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:13:343 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40003.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:13:530 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40004.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:13:639 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40004.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:13:843 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40005.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:13:952 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40005.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:14:171 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:14:202 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:14:264 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540001.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:14:311 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540001.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:14:593 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0000.VBN infected by Backdoor.Win32.PoeBot.b [0x000002e0] 29/11/2005 19:48:14:686 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0000.VBN infected by Backdoor.Win32.PoeBot.b [0x000002e0] 29/11/2005 19:48:14:858 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0001.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:14:983 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0001.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:15:077 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380000.VBN infected by Backdoor.Win32.Codbot.bd [0x000002e0] 29/11/2005 19:48:15:202 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380000.VBN infected by Backdoor.Win32.Codbot.bd [0x000002e0] 29/11/2005 19:48:15:468 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380001.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:15:593 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380001.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:15:718 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08BC0000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:15:749 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08BC0000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:15:827 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:15:858 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:15:921 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80001.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:15:952 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80001.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:16:077 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09C00000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:16:108 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09C00000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:16:202 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:16:233 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440000.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:16:311 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440001.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:16:343 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440001.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:16:530 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440002.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:16:561 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440002.VBN infected by Trojan-Dropper.Win32.Agent.ye [0x000002e0] 29/11/2005 19:48:16:764 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440003.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:48:16:874 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440003.VBN infected by Trojan-Dropper.Win32.Paradrop.a [0x000002e0] 29/11/2005 19:53:02:624 :[msvLclnt.dll][00000001] File C:\Documents and Settings\allu\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe infected by Trojan-Downloader.Win32.TSUpdate.n [0x000002e0] 29/11/2005 19:53:02:952 :[msvLclnt.dll][00000001] File C:\Documents and Settings\allu\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe infected by Trojan-Downloader.Win32.TSUpdate.n [0x000002e0] 29/11/2005 20:05:07:968 :[msvLclnt.dll][00000001] File C:\Program Files\Common Files\rimu\rimup.exe infected by Trojan-Downloader.Win32.TSUpdate.f [0x000002e0] 29/11/2005 20:05:07:999 :[msvLclnt.dll][00000001] File C:\Program Files\Common Files\rimu\rimup.exe infected by Trojan-Downloader.Win32.TSUpdate.f [0x000002e0] 29/11/2005 20:05:46:702 :[msvLclnt.dll][00000001] File C:\Program Files\mIRC\mirc.exe infected by not-a-virus:Client-IRC.Win32.mIRC.616 [0x000002e0] 29/11/2005 20:06:40:764 :[msvLclnt.dll][00000001] File C:\stub_113_4_0_4_0.exe infected by Trojan-Downloader.Win32.TSUpdate.o [0x000002e0] 29/11/2005 20:06:40:811 :[msvLclnt.dll][00000001] File C:\stub_113_4_0_4_0.exe infected by Trojan-Downloader.Win32.TSUpdate.o [0x000002e0] 29/11/2005 20:06:43:389 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026913.exe infected by not-a-virus:AdWare.Win32.AdURL.c [0x000002e0] 29/11/2005 20:06:43:608 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026917.exe infected by Trojan-Downloader.Win32.Dyfuca.ei [0x000002e0] 29/11/2005 20:06:43:655 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026917.exe infected by Trojan-Downloader.Win32.Dyfuca.ei [0x000002e0] 29/11/2005 20:06:43:686 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026918.exe infected by Trojan-Downloader.Win32.Small.afq [0x000002e0] 29/11/2005 20:06:43:718 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026918.exe infected by Trojan-Downloader.Win32.Small.afq [0x000002e0] 29/11/2005 20:06:43:936 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026923.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:06:44:030 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026925.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:06:44:249 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026932.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:01:718 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027155.exe infected by Trojan.Win32.LowZones.am [0x000002e0] 29/11/2005 20:07:01:733 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027155.exe infected by Trojan.Win32.LowZones.am [0x000002e0] 29/11/2005 20:07:01:889 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027156.exe infected by Trojan.Win32.LowZones.am [0x000002e0] 29/11/2005 20:07:01:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027156.exe infected by Trojan.Win32.LowZones.am [0x000002e0] 29/11/2005 20:07:02:155 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027161.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:02:499 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027170.exe infected by Trojan.Win32.Delf.og [0x000002e0] 29/11/2005 20:07:02:546 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027170.exe infected by Trojan.Win32.Delf.og [0x000002e0] 29/11/2005 20:07:02:639 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027171.dll infected by Trojan-Spy.Win32.Agent.gk [0x000002e0] 29/11/2005 20:07:02:702 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027171.dll infected by Trojan-Spy.Win32.Agent.gk [0x000002e0] 29/11/2005 20:07:02:843 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027172.exe infected by Trojan-Spy.Win32.VB.eh [0x000002e0] 29/11/2005 20:07:02:905 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027172.exe infected by Trojan-Spy.Win32.VB.eh [0x000002e0] 29/11/2005 20:07:07:983 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027223.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:08:093 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027224.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:09:686 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027238.exe infected by Trojan-Downloader.Win32.Small.afq [0x000002e0] 29/11/2005 20:07:09:702 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027238.exe infected by Trojan-Downloader.Win32.Small.afq [0x000002e0] 29/11/2005 20:07:09:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027243.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:10:186 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027250.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:10:421 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027258.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:10:530 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027262.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:10:733 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027270.exe infected by Trojan-Downloader.Win32.Small.afq [0x000002e0] 29/11/2005 20:07:10:749 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027270.exe infected by Trojan-Downloader.Win32.Small.afq [0x000002e0] 29/11/2005 20:07:10:811 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027271.exe infected by Trojan.Win32.Delf.og [0x000002e0] 29/11/2005 20:07:10:858 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027271.exe infected by Trojan.Win32.Delf.og [0x000002e0] 29/11/2005 20:07:10:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027272.dll infected by Trojan-Spy.Win32.Agent.gk [0x000002e0] 29/11/2005 20:07:10:999 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027272.dll infected by Trojan-Spy.Win32.Agent.gk [0x000002e0] 29/11/2005 20:07:11:124 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027273.exe infected by Trojan-Spy.Win32.VB.eh [0x000002e0] 29/11/2005 20:07:11:186 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027273.exe infected by Trojan-Spy.Win32.VB.eh [0x000002e0] 29/11/2005 20:07:11:233 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027274.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:11:343 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027275.exe infected by Trojan.Win32.LowZones.am [0x000002e0] 29/11/2005 20:07:11:405 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027275.exe infected by Trojan.Win32.LowZones.am [0x000002e0] 29/11/2005 20:07:11:468 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027276.exe infected by Trojan-Downloader.Win32.Dyfuca.ei [0x000002e0] 29/11/2005 20:07:11:514 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027276.exe infected by Trojan-Downloader.Win32.Dyfuca.ei [0x000002e0] 29/11/2005 20:07:11:624 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027279.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:11:749 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027285.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:12:421 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027299.dll infected by not-a-virus:AdWare.Win32.WinAD.bs [0x000002e0] 29/11/2005 20:07:12:499 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027302.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:12:671 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027310.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:12:811 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027318.exe infected by Trojan-Downloader.Win32.Dyfuca.ei [0x000002e0] 29/11/2005 20:07:12:858 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027318.exe infected by Trojan-Downloader.Win32.Dyfuca.ei [0x000002e0] 29/11/2005 20:07:12:905 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027320.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:12:999 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027323.dll infected by not-a-virus:AdWare.Win32.E2Give.c [0x000002e0] 29/11/2005 20:07:13:124 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027325.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:13:280 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027330.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:13:343 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027332.exe infected by not-a-virus:AdWare.Win32.AdURL.c [0x000002e0] 29/11/2005 20:07:13:405 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027335.exe infected by Trojan.Win32.LowZones.am [0x000002e0] 29/11/2005 20:07:13:436 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027335.exe infected by Trojan.Win32.LowZones.am [0x000002e0] 29/11/2005 20:07:13:514 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027338.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:14:030 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027347.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:14:124 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027351.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:14:358 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027358.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:14:593 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027367.exe infected by Trojan-Downloader.Win32.VB.ri [0x000002e0] 29/11/2005 20:07:14:655 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027367.exe infected by Trojan-Downloader.Win32.VB.ri [0x000002e0] 29/11/2005 20:07:14:733 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027368.exe infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:14:827 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027369.exe infected by Trojan-Downloader.Win32.Small.buy [0x000002e0] 29/11/2005 20:07:14:889 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027369.exe infected by Trojan-Downloader.Win32.Small.buy [0x000002e0] 29/11/2005 20:07:14:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027370.exe infected by Trojan-Downloader.Win32.TSUpdate.l [0x000002e0] 29/11/2005 20:07:15:014 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027370.exe infected by Trojan-Downloader.Win32.TSUpdate.l [0x000002e0] 29/11/2005 20:07:15:093 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027371.exe infected by Trojan-Downloader.Win32.TSUpdate.n [0x000002e0] 29/11/2005 20:07:15:124 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027371.exe infected by Trojan-Downloader.Win32.TSUpdate.n [0x000002e0] 29/11/2005 20:07:15:186 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027372.exe infected by Trojan.Win32.VB.afn [0x000002e0] 29/11/2005 20:07:15:202 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027372.exe infected by Trojan.Win32.VB.afn [0x000002e0] 29/11/2005 20:07:15:280 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027373.exe infected by not-a-virus:AdWare.Win32.AdURL.c [0x000002e0] 29/11/2005 20:07:15:327 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027374.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:15:405 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027375.dll infected by Trojan-Spy.Win32.Agent.gk [0x000002e0] 29/11/2005 20:07:15:468 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027375.dll infected by Trojan-Spy.Win32.Agent.gk [0x000002e0] 29/11/2005 20:07:15:530 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027376.exe infected by Trojan.Win32.Delf.og [0x000002e0] 29/11/2005 20:07:15:577 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027376.exe infected by Trojan.Win32.Delf.og [0x000002e0] 29/11/2005 20:07:15:639 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027377.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:15:718 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027378.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:15:764 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027379.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:15:827 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027380.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:15:874 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027381.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:15:968 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027382.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:16:014 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027383.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:16:077 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027384.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:16:139 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027385.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:16:171 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027386.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:16:233 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027387.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:16:296 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027388.exe infected by Trojan.Win32.StartPage.aw [0x000002e0] 29/11/2005 20:07:16:311 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027388.exe infected by Trojan.Win32.StartPage.aw [0x000002e0] 29/11/2005 20:07:19:014 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027410.dll infected by not-a-virus:AdWare.Win32.E2Give.c [0x000002e0] 29/11/2005 20:07:19:218 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027416.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:19:311 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027417.exe infected by Trojan-Spy.Win32.VB.eh [0x000002e0] 29/11/2005 20:07:19:374 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027417.exe infected by Trojan-Spy.Win32.VB.eh [0x000002e0] 29/11/2005 20:07:19:546 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027420.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:20:655 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027445.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:20:702 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027446.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:20:889 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027453.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:20:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027454.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:21:061 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027458.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:21:264 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027465.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:21:343 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027466.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:21:624 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027477.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:21:936 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027488.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:22:155 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027496.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:22:218 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027497.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:22:343 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027500.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:22:593 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027509.dLL infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:28:374 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027571.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:28:514 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027573.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:28:921 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027585.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:28:983 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027586.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:29:702 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027617.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:29:749 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027618.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:29:811 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027619.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:29:889 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027620.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab [0x000002e0] 29/11/2005 20:07:32:046 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP163\A0027648.exe infected by Trojan-Downloader.Win32.TSUpdate.f [0x000002e0] 29/11/2005 20:07:32:077 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP163\A0027648.exe infected by Trojan-Downloader.Win32.TSUpdate.f [0x000002e0] 29/11/2005 20:07:32:139 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP163\A0027649.exe infected by Trojan-Downloader.Win32.TSUpdate.o [0x000002e0] 29/11/2005 20:07:32:186 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP163\A0027649.exe infected by Trojan-Downloader.Win32.TSUpdate.o [0x000002e0] 29/11/2005 20:11:37:983 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WLUN0XAR\MediaGateway[1].exe infected by not-a-virus:AdWare.Win32.WinAD.bt [0x000002e0] 29/11/2005 20:15:22:811 :[msvLclnt.dll]VirusCount = 162144 Latest Date = 2005/11/29 [0x00000d24] 29/11/2005 22:42:19:280 :[msvLclnt.dll]VirusCount = 162144 Latest Date = 2005/11/29
Vielä on kone puhdistettava. Hae CCleaner Lataa -> http://www.filehippo.com/download/e9b4dd0b974788db2d13344d8411cdc... aja läpi ja poista turhat tiedostot. ewido, Päivitä, aja koko kone läpi, poista mitä löytää.
tää linkki ei toimi... http://www.filehippo.com/download/e9b4dd0b974788db2d13344d8411cdc... ewido mulla jo onkin..