HJT- logi voiko joku kattoo?

NaabKilla · Jan 8, 2006

ei toiminu

-kemisti- · Jan 8, 2006

Sitten tehdään toisella tavalla.

Hae spysweeper -> http://www.webroot.com/uk/downloads/
Asenna ja päivitä se. Käynnistä vikasietotilaan ja skannaa sillä siellä. Anna poistaa, mitä löytää.

Käynnistä uudestaan.

Aja l2mfix optiolla 1

Lähetä uusi HjT-loki ja l2mfix-loki.

NaabKilla · Jan 9, 2006

toi spysweepper löytää kaikkee mutta niitä ei pysty poistaa koska siihen pitää rekisteröityä

-kemisti- · Jan 9, 2006

Kyllä sen pitäis poistaa. Se vaatii kyllä rekisteröinnin, mutta se ei ole maksullinen.

EDIT: Jos ei siltikään lähde, niin tee näin:

Hae ewido -> http://www.ewido.net/en/download

Asenna ja päivitä se.

Käynnistä vikasietotilaan

Skannaa ewidolla. Anna poistaa, mitä löytää ja tallenna raportti.Käynnistä uudelleen.

Aja l2mfix optiolla 1.

Lähetä uusi HjT-loki, l2mfixin loki ja ewidon raportti tänne.

ratnunter · Jan 10, 2006

se salasana on muuten tyhjä

-kemisti- · Jan 10, 2006

Tämä selvä, ratnunter

Eli NaabKilla, aja se l2mfix optiolla 2 ja salasanaksi ei mitään.

Lähetä uusi HjT-loki ja l2mfixin loki.

Jos ei onnistu, niin tee sitten se ewido-juttu.

NaabKilla · Jan 10, 2006

nonii hjt:

Logfile of HijackThis v1.99.1
Scan saved at 21:21:45, on 10.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Netti-Kilpi\Nettikilpi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Bob-PopUp Killer 1.0 Freeware] C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Netti-Kilpi] C:\Program Files\Netti-Kilpi\Nettikilpi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {3AF9DDB3-4B1E-48EA-B46F-06E11307AA37} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {9E44C300-2F21-409E-A3E7-434951071ED8} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {E17ECC18-5939-4DF1-9D58-AD487C6103F4} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\ktjsl7171.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

& Ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 19:56:41, 10.1.2006
+ Report-Checksum: EA1F761B

+ Scan result:

[684] C:\WINDOWS\system32\imv6mon.dll -> Spyware.Look2Me : Cleaned with backup
[808] C:\WINDOWS\system32\imv6mon.dll -> Spyware.Look2Me : Error during cleaning
C:\CursorManiaSetup2.0.3.20.exe -> Spyware.MyWebSearch : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\hrpurgb8.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temp\Cookies\atte@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temp\Cookies\atte@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temp\Cookies\atte@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temp\Cookies\atte@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temp\Cookies\atte@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temp\Cookies\atte@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temp\Temporary Internet Files\Content.IE5\AGCW5UIV\count3[1].gif -> Dropper.Small.akr : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aea2l9ho1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az18013ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az1mle911h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az1ol1l31.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az1ql3551.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az1qlgd5160.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az1s0c77ef.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az1sl5f71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az1u0el9ehq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az1uleh91h4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\az3sl5f71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza0033me.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza00g3me6.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza02cfmgf2a2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza0l9jm1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza0li1m18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza20idoe80c0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza2l9ho1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza40ahqed4e0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza40elqehqe0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza4l95q1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza6l17s1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza6li7s18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza8013ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza8091ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza80a5ued.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza8l91u1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\aza8lgju16o8.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azam0ah1ed4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azamle911h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azao0ej3eho.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azaol1l31.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azaolej31ho.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azaolg7316.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azaq0ij5e8o.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azaql3551.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azaql9j51.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azaqlcf51f2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azaqlgd5160.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azas03d7e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azas0c77ef.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azasl5f71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azasl9d71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azaslg9716.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azau0eh9eh4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azau0el9ehq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azau0if9e82.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azauleh91h4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azcmle911h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azcsl5f71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\azculeh91h4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\bhhci.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\butsprx2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\c4002edmgh0a2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\c6002gdmg60a2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\cdcui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\chvfat.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\cicdll.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\cuaPLRegSvr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\cwyptnet.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\d00mlad11d0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\d4j00e1meh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\d8j00i1me8.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\d8j0li1m18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\damv2clt.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn0801due.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn0q01d5e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn2001fme.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn4201hoe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn4801hue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn6m01j1e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn6s01j7e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn8201loe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn8o01l3e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dn8q01l5e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dnj8011ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dnl0013me.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dnl6013se.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dnl8013ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dnnq0155e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dnp6017se.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dnpm0171e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dnr8019ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dnru0199e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\druiext.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\dtdskres.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\duband.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\e0jmla111d.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\e2202cfmgf2a2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\e2jmlc111f.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\e4020edoeh0c0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\e8020idoe80c0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\edsvc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\emts.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\en24l1fq1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\en4ml1h11.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\en8ol1l31.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\enl6l13s1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\enlml1311.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\enlql1351.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\enp6l17s1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\enr4l19q1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\f20olcd31f0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\f42m0ef1eh2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\f4l00e3meh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\f4l02e3mgh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\f6l00g3me6.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\f8j20i1oe8.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\f8j2li1o18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fjntext.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fjstudio.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fn0021dmg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fp0s03d7e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fp2203foe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fp4603hse.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fp8403lqe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fp8q03l5e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fpj2031oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fpjm0311e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fpl0033me.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fpnu0359e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fppo0373e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fprq0395e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\fTj2li1o18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\g0220afoed2c0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\g0lm0a31ed.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\g0lmla311d.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\g222lcfo1f2c.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\g4jo0e13eh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\g6040gdqe60e0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\g6402ghmg64a2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gJlmla311d.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gntuname.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gp00l3dm1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gp02l3do1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gp2sl3f71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gp44l3hq1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gp46l3hs1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gp4ol3h31.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gp60l3jm1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gp62l3jo1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gp84l3lq1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gpjml3111.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gpn4l35q1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gpnql3551.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gpp8l37u1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\gprql3951.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\h04m0ah1ed4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\h2j40c1qef.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\h4n0le5m1h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\h60qlgd5160.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\h6l20g3oe6.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\h82o0if3e82.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\h82olif3182.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\hgp95en.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\hpl0233mg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\hr0005dme.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\hr6s05j7e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\hrls0537e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\hrpu0579e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\i0lola331d.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\i2600cjmefoa0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\i4lole331h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\i6600gjme6oa0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\i660lgjm16oa.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\i6jq0g15e6.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\i824lifq182e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ipj8l51u1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ir22l5fo1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ir2sl5f71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ir44l5hq1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ir6sl5j71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ir82l5lo1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\irj0l51m1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\irj8l51u1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\irnsl5571.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\irr0l59m1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\irr8l59u1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\irrol5931.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\irrql5951.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\j22qlcf51f2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\j24o0ch3ef4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\j2n20c5oef.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\j4j60e1seh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\j6n2lg5o16.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\j80s0id7e80.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\j8n2li5o18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jrj0251mg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jt2u07f9e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jt4007hme.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jt4607hse.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jt8407lqe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jt8s07l7e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jtlu0739e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jtp8077ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jtr2079oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jtr4079qe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jtr8079ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\jzr2079oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k0260afsed260.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k0440ahqed4e0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k0nola531d.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k2lqlc351f.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k4lqle351h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k4no0e53eh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k662lgjo16oc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k6pm0g71e6.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k826lifs1826.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k8jsli1718.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\k8pmli7118.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\knuser.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ksdit142.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ksdusl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kt02l7do1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kt04l7dq1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kt26l7fs1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kt46l7hs1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kt82l7lo1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kt86l7ls1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kt88l7lu1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kt8sl7l71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ktjsl7171.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ktpml7711.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ktrol7931.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kwdest.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\kx26l7fs1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l22s0cf7ef2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l22slcf71f2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l2p2lc7o1f.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l42s0ef7eh2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l42slef71h2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l46o0ej3eho.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l46olej31ho.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l64q0gh5e64.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l6j8lg1u16.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l6n40g5qe6.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l80ulid9180.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l8p20i7oe8.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\l8r0li9m18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lcdsvc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lcrmonui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lGr0li9m18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lkdis13n.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ltl0273mg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lv0s09d7e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lv4209hoe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lv4809hue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lv8m09l1e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lvj8091ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lvl2093oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lvlm0931e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\lvno0953e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m2nqlc551f.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m4820eloehqc0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m4rmle911h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m646lghs1646.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m682lglo16qc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m6lslg3716.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m6polg7316.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m828lifu1828.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m864lijq18oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\m8po0i73e8.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mbls31.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mcnetobj.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mivcirt.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mjdtcprx.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mjrd3x40.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mlorc32r.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\MPC42ESP.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\msndex.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mTpi32x.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mv02l9do1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mv0ml9d11.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mv0sl9d71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mv28l9fu1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mv2ml9f11.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mv42l9ho1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mv60l9jm1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mv6ql9j51.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mv8ol9l31.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvj4l91q1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvj8l91u1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvjsl9171.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvl4l93q1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvl6l93s1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvn4l95q1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvnol9531.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvnul9591.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvp0l97m1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mvp8l97u1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mwawups2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mwoert2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\mwr2c.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\MYC42KOR.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\myi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\myl_qic.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\n26q0cj5efo.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\n26qlcj51fo.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\n2p4lc7q1f.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\n4l80e3ueh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\n4l8le3u1h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\n6n60g5se6.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\n82u0if9e82.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\n82ulif9182.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\n86q0ij5e8o.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\NFSEcw.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\niwdev.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\njcpl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\njtapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\NLTWMAFile.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\o2480chuef480.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\o266lcjs1fo6.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\o2ns0c57ef.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\o4840elqehqe0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\o4ns0e57eh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\o4nsle571h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\o6nslg5716.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\opuninst.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\oqdbse32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\oUkley.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p04ulah91d4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p0n80a5ued.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p0n8la5u1d.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p0p6la7s1d.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p2p6lc7s1f.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p44u0eh9eh4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p44uleh91h4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p46s0ej7eho.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p48q0el5ehq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p48qlel51hq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p66slgj716o.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p8n80i5ue8.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p8p6li7s18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\p8r40i9qe8.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ped.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\PJMAPI16.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\pkhread.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\Plbole32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\PVDLIB32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\q0ps0a77ed.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\q2ps0c77ef.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\q4680ejueho80.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\q668lgju16o8.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\q886lils18q6.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\quap.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\r08slal71dq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\r28slcl71fq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\r4p80e7ueh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\rFssapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\rmpsnd.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\rQsdlg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\rucrt4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\s6rslg9716.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\sbsinv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\spellstyle.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\sPmsrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\svdoclc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\swsbkup.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\syrmfilt.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\t2r8lc9u1f.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\t48u0el9ehq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\tDpi3.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\tNpi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\ulnp.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\vxa256.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\wdvdmoe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\wfv8dmod.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\wH2topl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\wkvcore2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\wtspdmod.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\wucsvc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\wyhrm.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Atte\Työpöytä\l2mfix\dlls\xeltok.dll -> Spyware.Look2Me : Cleaned with backup
C:\NNuninstall.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\zkqo\zkqop.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\CursorXP\CursorManiaSetup2.0.3.12.exe -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup
C:\WinAntiSpyware2005ScannerInstall.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WinAntiVirusPro2006ScannerInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
C:\WINDOWS\system32\d8j0li1m18.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\e020lafm1d2a.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gp68l3ju1.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\imv6mon.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jeiurbtn.exe -> Downloader.Tiny.ao : Cleaned with backup
C:\WINDOWS\system32\nhwcdcls.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pddx5032.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\sxclient.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\uznp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wqhext.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\Cookies\atte@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

::Report End

& l2mfix

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ktjsl7171.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{92B9CAA7-B109-4C10-50C1-AF9B8661FBDA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N„yt”n CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-kansiot"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{616c1f06-bad8-11d2-b355-00104b642749}"="Microangelo Context Menu Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"="wodShellMenu"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows-ty”p”yt„haku"
"{97090E2F-3062-4459-855B-014F0D3CDBB1}"="MSN Deskbar"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}"=""
"{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}"=""
"{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}"=""
"{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
@="MSN Desktop Search Outlook Express ISearchFolder Class"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\InprocServer32]
@="C:\\WINDOWS\\system32\\myiqtz32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\InprocServer32]
@="C:\\WINDOWS\\system32\\cucfg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\InprocServer32]
@="C:\\WINDOWS\\system32\\mbcms.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Aseman C nimi on ATEN_KONE
Aseman sarjanumero on 444C-69EF

Kansio C:\WINDOWS\System32

10.01.2006 20:16 236ÿ698 guard.tmp
10.01.2006 20:12 236ÿ698 mbcms.dll
10.01.2006 20:01 236ÿ698 o884lilq18qe.dll
10.01.2006 19:57 234ÿ981 ktnul7591.dll
10.01.2006 18:12 236ÿ698 ktjsl7171.dll
10.01.2006 18:08 236ÿ294 n2p40c7qef.dll
08.01.2006 12:16 6ÿ429 ntt32.inf
03.01.2006 23:38 74 ospcont.tem
15.12.2005 16:04 <KANSIO> dllcache
30.11.2005 17:11 0 dnp2017oe.dll
09.06.2004 05:20 <KANSIO> Microsoft
9 tiedosto(a) 1ÿ424ÿ570 tavua
2 kansio(ta) 34ÿ283ÿ524ÿ096 tavua vapaana

Meniköhän oikein

-kemisti- · Jan 10, 2006

Aja se l2mfix optiolla 2 ja lähetä sen loki ja uusi HjT-loki tänne.

Jos ei onnistu, niin lähetä uusi HjT-loki ja l2mfixin loki optiolla 1 ajettuna. Tosta ei ole enää hyötyä, koska noiden l2m:n tiedostojen nimet vaihtuu joka buutilla.

NaabKilla · Jan 12, 2006

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n24s0ch7ef4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{92B9CAA7-B109-4C10-50C1-AF9B8661FBDA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N„yt”n CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-kansiot"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{616c1f06-bad8-11d2-b355-00104b642749}"="Microangelo Context Menu Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"="wodShellMenu"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows-ty”p”yt„haku"
"{97090E2F-3062-4459-855B-014F0D3CDBB1}"="MSN Deskbar"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}"=""
"{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}"=""
"{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}"=""
"{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}"=""
"{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}"=""
"{1D637718-E25A-41D9-8013-9B8168AC5D0C}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
@="MSN Desktop Search Outlook Express ISearchFolder Class"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\InprocServer32]
@="C:\\WINDOWS\\system32\\myiqtz32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\InprocServer32]
@="C:\\WINDOWS\\system32\\cucfg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\InprocServer32]
@="C:\\WINDOWS\\system32\\nk_msgc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwjetoledb40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\Atresx32.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Aseman C nimi on ATEN_KONE
Aseman sarjanumero on 444C-69EF

Kansio C:\WINDOWS\System32

12.01.2006 06:42 236ÿ698 fp4o03h3e.dll
11.01.2006 21:55 233ÿ619 n24s0ch7ef4.dll
11.01.2006 21:45 234ÿ162 mv28l9fu1.dll
11.01.2006 21:38 236ÿ698 Atresx32.dll
11.01.2006 21:38 234ÿ172 o848lihu1848.dll
11.01.2006 20:21 236ÿ698 g622lgfo162c.dll
11.01.2006 20:12 233ÿ610 l42s0ef7eh2.dll
11.01.2006 01:01 236ÿ698 q2680cjuefo80.dll
10.01.2006 21:42 236ÿ698 nk_msgc.dll
10.01.2006 20:12 236ÿ698 mbcms.dll
10.01.2006 20:01 236ÿ698 o884lilq18qe.dll
10.01.2006 19:57 234ÿ981 ktnul7591.dll
10.01.2006 18:08 236ÿ294 n2p40c7qef.dll
08.01.2006 12:16 6ÿ429 ntt32.inf
03.01.2006 23:38 74 ospcont.tem
15.12.2005 16:04 <KANSIO> dllcache
30.11.2005 17:11 0 dnp2017oe.dll
09.06.2004 05:20 <KANSIO> Microsoft
16 tiedosto(a) 3ÿ070ÿ227 tavua
2 kansio(ta) 34ÿ247ÿ655ÿ424 tavua vapaana

Ja

Logfile of HijackThis v1.99.1
Scan saved at 22:15:33, on 12.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Netti-Kilpi\Nettikilpi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Bob-PopUp Killer 1.0 Freeware] C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Netti-Kilpi] C:\Program Files\Netti-Kilpi\Nettikilpi.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {3AF9DDB3-4B1E-48EA-B46F-06E11307AA37} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {9E44C300-2F21-409E-A3E7-434951071ED8} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {E17ECC18-5939-4DF1-9D58-AD487C6103F4} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\n24s0ch7ef4.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-kemisti- · Jan 12, 2006

Kokeillaas vielä sitä spysweeperiä.

Hae se täältä -> http://www.webroot.com/shoppingcart/tryme.php?bjpc=64011&vcode=DT02

Käynnistä vikasietotilaan ja skanna sillä. Anna poistaa mitä löytää.

Käynnistä uudelleen, lähetä uusi HjT-loki ja l2mfixin loki ajettuna option 1:llä.

NaabKilla · Jan 13, 2006

Logfile of HijackThis v1.99.1
Scan saved at 11:45:53, on 14.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Netti-Kilpi\Nettikilpi.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Bob-PopUp Killer 1.0 Freeware] C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Netti-Kilpi] C:\Program Files\Netti-Kilpi\Nettikilpi.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {3AF9DDB3-4B1E-48EA-B46F-06E11307AA37} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {9E44C300-2F21-409E-A3E7-434951071ED8} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {E17ECC18-5939-4DF1-9D58-AD487C6103F4} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\r0p8la7u1d.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

&

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\r0p8la7u1d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{92B9CAA7-B109-4C10-50C1-AF9B8661FBDA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N„yt”n CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-kansiot"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{616c1f06-bad8-11d2-b355-00104b642749}"="Microangelo Context Menu Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"="wodShellMenu"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows-ty”p”yt„haku"
"{97090E2F-3062-4459-855B-014F0D3CDBB1}"="MSN Deskbar"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}"=""
"{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}"=""
"{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}"=""
"{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}"=""
"{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}"=""
"{1D637718-E25A-41D9-8013-9B8168AC5D0C}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
@="MSN Desktop Search Outlook Express ISearchFolder Class"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\InprocServer32]
@="C:\\WINDOWS\\system32\\myiqtz32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\InprocServer32]
@="C:\\WINDOWS\\system32\\cucfg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\InprocServer32]
@="C:\\WINDOWS\\system32\\nk_msgc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\InprocServer32]
@="C:\\WINDOWS\\system32\\pmpusb.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\Atresx32.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
**********************************************************************************
Directory Listing of system files:
Aseman C nimi on ATEN_KONE
Aseman sarjanumero on 444C-69EF

Kansio C:\WINDOWS\System32

14.01.2006 11:29 235ÿ489 pmpusb.dll
14.01.2006 01:31 233ÿ619 dnpm0171e.dll
14.01.2006 01:28 235ÿ489 r0p8la7u1d.dll
14.01.2006 01:27 235ÿ118 mvr4l99q1.dll
14.01.2006 01:26 233ÿ619 Ledgn14s.dll
14.01.2006 01:26 234ÿ431 l2j80c1uef.dll
14.01.2006 01:25 233ÿ619 ipitpki.dll
14.01.2006 01:25 234ÿ322 fp0s03d7e.dll
14.01.2006 01:24 233ÿ619 dkkquota.dll
14.01.2006 01:24 234ÿ306 jt8607lse.dll
14.01.2006 01:23 233ÿ619 cticonfg.dll
14.01.2006 01:21 234ÿ884 h82o0if3e82.dll
14.01.2006 01:21 233ÿ619 twemeui.dll
14.01.2006 01:21 234ÿ103 o4840elqehqe0.dll
14.01.2006 01:21 233ÿ619 rebdyctl.dll
14.01.2006 01:21 234ÿ664 ir40l5hm1.dll
14.01.2006 01:19 233ÿ619 ngdsapi.dll
14.01.2006 01:18 236ÿ698 n6r20g9oe6.dll
11.01.2006 21:45 234ÿ162 mv28l9fu1.dll
11.01.2006 21:38 236ÿ698 Atresx32.dll
11.01.2006 21:38 234ÿ172 o848lihu1848.dll
11.01.2006 20:21 236ÿ698 g622lgfo162c.dll
11.01.2006 20:12 233ÿ610 l42s0ef7eh2.dll
11.01.2006 01:01 236ÿ698 q2680cjuefo80.dll
10.01.2006 21:42 236ÿ698 nk_msgc.dll
10.01.2006 20:12 236ÿ698 mbcms.dll
10.01.2006 20:01 236ÿ698 o884lilq18qe.dll
10.01.2006 19:57 234ÿ981 ktnul7591.dll
10.01.2006 18:08 236ÿ294 n2p40c7qef.dll
08.01.2006 12:16 6ÿ429 ntt32.inf
03.01.2006 23:38 74 ospcont.tem
15.12.2005 16:04 <KANSIO> dllcache
30.11.2005 17:11 0 dnp2017oe.dll
09.06.2004 05:20 <KANSIO> Microsoft
32 tiedosto(a) 6ÿ818ÿ366 tavua
2 kansio(ta) 33ÿ872ÿ896ÿ000 tavua vapaana

-kemisti- · Jan 13, 2006

Eikä vieläkään.

Saa kohta l2m-örkki katua syntymäänsä

Fixaa tämä rivi HjT:llä:

O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\r0p8la7u1d.dll

Hae KillBox

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Pura,avaa ja täppi kohtaan Delete on Reboot
Sitte kopioi rivit tosta alapuolelta yhellä kertaa

C:\WINDOWS\system32\pmpusb.dll
C:\WINDOWS\system32\dnpm0171e.dll
C:\WINDOWS\system32\r0p8la7u1d.dll
C:\WINDOWS\system32\mvr4l99q1.dll
C:\WINDOWS\system32\Ledgn14s.dll
C:\WINDOWS\system32\l2j80c1uef.dll
C:\WINDOWS\system32\ipitpki.dll
C:\WINDOWS\system32\fp0s03d7e.dll
C:\WINDOWS\system32\dkkquota.dll
C:\WINDOWS\system32\jt8607lse.dll
C:\WINDOWS\system32\cticonfg.dll
C:\WINDOWS\system32\h82o0if3e82.dll
C:\WINDOWS\system32\twemeui.dll
C:\WINDOWS\system32\o4840elqehqe0.dll
C:\WINDOWS\system32\rebdyctl.dll
C:\WINDOWS\system32\ir40l5hm1.dll
C:\WINDOWS\system32\ngdsapi.dll
C:\WINDOWS\system32\n6r20g9oe6.dll
C:\WINDOWS\system32\mv28l9fu1.dll
C:\WINDOWS\system32\Atresx32.dll
C:\WINDOWS\system32\o848lihu1848.dll
C:\WINDOWS\system32\g622lgfo162c.dll
C:\WINDOWS\system32\l42s0ef7eh2.dll
C:\WINDOWS\system32\q2680cjuefo80.dll
C:\WINDOWS\system32\nk_msgc.dll
C:\WINDOWS\system32\mbcms.dll
C:\WINDOWS\system32\o884lilq18qe.dll
C:\WINDOWS\system32\ktnul7591.dll
C:\WINDOWS\system32\n2p40c7qef.dll
C:\WINDOWS\system32\dnp2017oe.dll
C:\WINDOWS\system32\guard.tmp

Sitten KillBoxissa ylhäältä File > Paste from Clipboard
Sen jälkeen paina Delete (punainen, jossa on valkonen X)
Vastaa myöntävästi kysymyksiin(siis vastaa kysymykseen "do you want reboot now? yes vasta guard.tmp:n kohdalla kyllä) ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.

Lähetä sen jälkeen uus Hijack-logi ja l2mfix-loki ajettuna option 1:llä

NaabKilla · Jan 14, 2006

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MSSYCLM]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dnpm0171e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{92B9CAA7-B109-4C10-50C1-AF9B8661FBDA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N„yt”n CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-kansiot"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{616c1f06-bad8-11d2-b355-00104b642749}"="Microangelo Context Menu Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"="wodShellMenu"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows-ty”p”yt„haku"
"{97090E2F-3062-4459-855B-014F0D3CDBB1}"="MSN Deskbar"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}"=""
"{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}"=""
"{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}"=""
"{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}"=""
"{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}"=""
"{1D637718-E25A-41D9-8013-9B8168AC5D0C}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
@="MSN Desktop Search Outlook Express ISearchFolder Class"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\InprocServer32]
@="C:\\WINDOWS\\system32\\myiqtz32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\InprocServer32]
@="C:\\WINDOWS\\system32\\cucfg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\InprocServer32]
@="C:\\WINDOWS\\system32\\nk_msgc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\InprocServer32]
@="C:\\WINDOWS\\system32\\LACLR14s.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\Atresx32.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Aseman C nimi on ATEN_KONE
Aseman sarjanumero on 444C-69EF

Kansio C:\WINDOWS\System32

14.01.2006 12:21 233ÿ619 guard.tmp
14.01.2006 12:15 233ÿ619 LACLR14s.dll
14.01.2006 12:13 235ÿ489 aza8l9fu1.dll
14.01.2006 01:31 233ÿ619 dnpm0171e.dll
14.01.2006 01:27 235ÿ118 mvr4l99q1.dll
14.01.2006 01:26 233ÿ619 Ledgn14s.dll
14.01.2006 01:26 234ÿ431 l2j80c1uef.dll
14.01.2006 01:25 233ÿ619 ipitpki.dll
14.01.2006 01:25 234ÿ322 fp0s03d7e.dll
14.01.2006 01:24 233ÿ619 dkkquota.dll
14.01.2006 01:24 234ÿ306 jt8607lse.dll
14.01.2006 01:23 233ÿ619 cticonfg.dll
14.01.2006 01:21 234ÿ884 h82o0if3e82.dll
14.01.2006 01:21 233ÿ619 twemeui.dll
14.01.2006 01:21 234ÿ103 o4840elqehqe0.dll
14.01.2006 01:21 233ÿ619 rebdyctl.dll
14.01.2006 01:21 234ÿ664 ir40l5hm1.dll
14.01.2006 01:19 233ÿ619 ngdsapi.dll
14.01.2006 01:18 236ÿ698 n6r20g9oe6.dll
11.01.2006 21:45 234ÿ162 mv28l9fu1.dll
11.01.2006 21:38 236ÿ698 Atresx32.dll
11.01.2006 21:38 234ÿ172 o848lihu1848.dll
11.01.2006 20:21 236ÿ698 g622lgfo162c.dll
11.01.2006 20:12 233ÿ610 l42s0ef7eh2.dll
11.01.2006 01:01 236ÿ698 q2680cjuefo80.dll
10.01.2006 21:42 236ÿ698 nk_msgc.dll
10.01.2006 20:12 236ÿ698 mbcms.dll
10.01.2006 20:01 236ÿ698 o884lilq18qe.dll
10.01.2006 19:57 234ÿ981 ktnul7591.dll
10.01.2006 18:08 236ÿ294 n2p40c7qef.dll
08.01.2006 12:16 6ÿ429 ntt32.inf
03.01.2006 23:38 74 ospcont.tem
15.12.2005 16:04 <KANSIO> dllcache
30.11.2005 17:11 0 dnp2017oe.dll
09.06.2004 05:20 <KANSIO> Microsoft
33 tiedosto(a) 7ÿ050ÿ115 tavua
2 kansio(ta) 33ÿ872ÿ347ÿ136 tavua vapaana

Logfile of HijackThis v1.99.1
Scan saved at 12:31:56, on 14.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Netti-Kilpi\Nettikilpi.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Bob-PopUp Killer 1.0 Freeware] C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Netti-Kilpi] C:\Program Files\Netti-Kilpi\Nettikilpi.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {3AF9DDB3-4B1E-48EA-B46F-06E11307AA37} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {9E44C300-2F21-409E-A3E7-434951071ED8} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {E17ECC18-5939-4DF1-9D58-AD487C6103F4} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\dnpm0171e.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-kemisti- · Jan 14, 2006

Sitten seuraava konsti:

Fixaa tämä:

O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\dnpm0171e.dll

Avaa Killbox ja valitse Replace on reboot ja merkkaa "Use dummy".

Sitte kopioi rivit tosta alapuolelta yhellä kertaa:

C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\LACLR14s.dll
C:\WINDOWS\system32\aza8l9fu1.dll
C:\WINDOWS\system32\dnpm0171e.dll
C:\WINDOWS\system32\mvr4l99q1.dll
C:\WINDOWS\system32\Ledgn14s.dll
C:\WINDOWS\system32\l2j80c1uef.dll
C:\WINDOWS\system32\ipitpki.dll
C:\WINDOWS\system32\fp0s03d7e.dll
C:\WINDOWS\system32\dkkquota.dll
C:\WINDOWS\system32\jt8607lse.dll
C:\WINDOWS\system32\1cticonfg.dll
C:\WINDOWS\system32\h82o0if3e82.dll
C:\WINDOWS\system32\1twemeui.dll
C:\WINDOWS\system32\4840elqehqe0.dll
C:\WINDOWS\system32\ebdyctl.dll
C:\WINDOWS\system32\r40l5hm1.dll
C:\WINDOWS\system32\ngdsapi.dll
C:\WINDOWS\system32\n6r20g9oe6.dll
C:\WINDOWS\system32\mv28l9fu1.dll
C:\WINDOWS\system32\Atresx32.dll
C:\WINDOWS\system32\o848lihu1848.dll
C:\WINDOWS\system32\g622lgfo162c.dll
C:\WINDOWS\system32\l42s0ef7eh2.dll
C:\WINDOWS\system32\q2680cjuefo80.dll
C:\WINDOWS\system32\nk_msgc.dll
C:\WINDOWS\system32\mbcms.dll
C:\WINDOWS\system32\o884lilq18qe.dll
C:\WINDOWS\system32\ktnul7591.dll
C:\WINDOWS\system32\n2p40c7qef.dll
C:\WINDOWS\system32\dnp2017oe.dll

Sitten KillBoxissa ylhäältä File > Paste from Clipboard. Valitse "All Files". Sen jälkeen paina Delete (punainen, jossa on valkonen X)
Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.

Lähetä sen jälkeen uus Hijack-logi ja l2mfix-loki ajettuna option 1:llä

NaabKilla · Jan 14, 2006

Logfile of HijackThis v1.99.1
Scan saved at 13:12:27, on 14.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Netti-Kilpi\Nettikilpi.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Winamp\winamp.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Bob-PopUp Killer 1.0 Freeware] C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Netti-Kilpi] C:\Program Files\Netti-Kilpi\Nettikilpi.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {3AF9DDB3-4B1E-48EA-B46F-06E11307AA37} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {9E44C300-2F21-409E-A3E7-434951071ED8} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {E17ECC18-5939-4DF1-9D58-AD487C6103F4} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DataSet - C:\WINDOWS\system32\aza8l9fu1.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DataSet]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\aza8l9fu1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{92B9CAA7-B109-4C10-50C1-AF9B8661FBDA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N„yt”n CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-kansiot"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{616c1f06-bad8-11d2-b355-00104b642749}"="Microangelo Context Menu Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"="wodShellMenu"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows-ty”p”yt„haku"
"{97090E2F-3062-4459-855B-014F0D3CDBB1}"="MSN Deskbar"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}"=""
"{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}"=""
"{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}"=""
"{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}"=""
"{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}"=""
"{1D637718-E25A-41D9-8013-9B8168AC5D0C}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
@="MSN Desktop Search Outlook Express ISearchFolder Class"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}\InprocServer32]
@="C:\\WINDOWS\\system32\\myiqtz32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}\InprocServer32]
@="C:\\WINDOWS\\system32\\cucfg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\InprocServer32]
@="C:\\WINDOWS\\system32\\nk_msgc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\InprocServer32]
@="C:\\WINDOWS\\system32\\LACLR14s.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\Atresx32.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Aseman C nimi on ATEN_KONE
Aseman sarjanumero on 444C-69EF

Kansio C:\WINDOWS\System32

14.01.2006 01:23 233ÿ619 cticonfg.dll
14.01.2006 01:21 233ÿ619 twemeui.dll
14.01.2006 01:21 234ÿ103 o4840elqehqe0.dll
14.01.2006 01:21 233ÿ619 rebdyctl.dll
14.01.2006 01:21 234ÿ664 ir40l5hm1.dll
08.01.2006 12:16 6ÿ429 ntt32.inf
03.01.2006 23:38 74 ospcont.tem
15.12.2005 16:04 <KANSIO> dllcache
09.06.2004 05:20 <KANSIO> Microsoft
7 tiedosto(a) 1ÿ176ÿ127 tavua
2 kansio(ta) 33ÿ881ÿ997ÿ312 tavua vapaana

-kemisti- · Jan 14, 2006

Parempi jo.

Hae ccleaner -> http://www.ccleaner.com ja putsaa sillä rekisteri (eli Virheet, merkkaa kaikki -> Etsi rekisterin virheitä, anna poistaa mitä löytää, ota ensin varmuuskopio)

Fixaa HjT:llä:

O20 - Winlogon Notify: DataSet - C:\WINDOWS\system32\aza8l9fu1.dll

Avaa Killbox ja valitse Replace on reboot ja merkkaa "Use dummy".

Sitte kopioi rivit tosta alapuolelta yhellä kertaa:

C:\WINDOWS\system32\aza8l9fu1.dll
C:\WINDOWS\system32\cticonfg.dll
C:\WINDOWS\system32\twemeui.dll
C:\WINDOWS\system32\o4840elqehqe0.dll
C:\WINDOWS\system32\rebdyctl.dll
C:\WINDOWS\system32\ir40l5hm1.dll
C:\WINDOWS\system32\myiqtz32.dll

Sitten KillBoxissa ylhäältä File > Paste from Clipboard. Valitse "All Files". Sen jälkeen paina Delete (punainen, jossa on valkonen X)
Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.

Lähetä sen jälkeen uus Hijack-logi ja l2mfix-loki ajettuna option 1:llä

-kemisti- · Jan 14, 2006

EDIT: Tupla

NaabKilla · Jan 14, 2006

mä ajoin vahingossa tolla ccleanerilla ton puhdistajan onks siitä mitään haittaa?

-kemisti- · Jan 14, 2006

Ei ole, mutta aja se Virheet myös.

NaabKilla · Jan 14, 2006

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{92B9CAA7-B109-4C10-50C1-AF9B8661FBDA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N„yt”n CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-kansiot"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{616c1f06-bad8-11d2-b355-00104b642749}"="Microangelo Context Menu Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"="wodShellMenu"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows-ty”p”yt„haku"
"{97090E2F-3062-4459-855B-014F0D3CDBB1}"="MSN Deskbar"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}"=""
"{9E804C7A-0444-4D2E-A37B-922BE2DB1BC7}"=""
"{8EFCDDD8-7FCB-4092-A10C-D2C9947CFC5F}"=""
"{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}"=""
"{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}"=""
"{1D637718-E25A-41D9-8013-9B8168AC5D0C}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
@="MSN Desktop Search Outlook Express ISearchFolder Class"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6FE4F71B-7A44-4F7A-B013-DCF8DCD80C03}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D3D28618-C8AE-4EAF-8ADA-24A9EC251346}\InprocServer32]
@="C:\\WINDOWS\\system32\\nk_msgc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECF1625D-F2BC-4055-BF3B-DC0AC3F3CAAF}\InprocServer32]
@="C:\\WINDOWS\\system32\\LACLR14s.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D637718-E25A-41D9-8013-9B8168AC5D0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\Atresx32.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Aseman C nimi on ATEN_KONE
Aseman sarjanumero on 444C-69EF

Kansio C:\WINDOWS\System32

08.01.2006 12:16 6ÿ429 ntt32.inf
03.01.2006 23:38 74 ospcont.tem
15.12.2005 16:04 <KANSIO> dllcache
09.06.2004 05:20 <KANSIO> Microsoft
2 tiedosto(a) 6ÿ503 tavua
2 kansio(ta) 35ÿ225ÿ956ÿ352 tavua vapaana

Logfile of HijackThis v1.99.1
Scan saved at 14:21:25, on 14.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Netti-Kilpi\Nettikilpi.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Bob-PopUp Killer 1.0 Freeware] C:\Documents and Settings\Atte\Työpöytä\Tärkeät\Bop-Pop.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Netti-Kilpi] C:\Program Files\Netti-Kilpi\Nettikilpi.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?b4a19586e799488e88f59ad042da54
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {3AF9DDB3-4B1E-48EA-B46F-06E11307AA37} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {9E44C300-2F21-409E-A3E7-434951071ED8} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {E17ECC18-5939-4DF1-9D58-AD487C6103F4} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Log in or Sign up

HJT- logi voiko joku kattoo?

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

ratnunter Regular member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

Share This Page

Log in or Sign up

HJT- logi voiko joku kattoo?

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

ratnunter Regular member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

-kemisti- Active member

NaabKilla Member

-kemisti- Active member

NaabKilla Member

Share This Page

Useful Searches