PopUppeja ja poPUppeja sisältää hjt-lokin

Elikkä forkkasin ja asentelin uusiks windowsin sun muut kamppailin sitten kaikennäkösten spywarejen kanssa. Taistelun ensimmäinen vaihe on kait ohi ja nyt hermojani raastaa noin 5 min välein ilmestyvä SAATANAN VITUN PERKELEEN POPUPPi. puuh, Miten saan ne loppumaan?

Logfile of HijackThis v1.99.1
Scan saved at 5:24:08, on 1.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138658350841
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\j4j6le1s1h.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

Ja look2me:ta tyrkkää

Fixaa nämä HjT:llä (do a system scan only, merkkaa ja paina fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe

Poista, jos löytyy:

C:\Program Files\Common Files\Windows\==>mc-110-12-0000169.exe<==

Hae täältä -> http://www.atribune.org/downloads/l2mfix.exe l2mfix ja tallenna työpöydälle. Tuplaklikkaa sitä ja klikkaa install. Avaa l2mfix -kansio työpöydältä ja tuplaklikkaa l2mfix.bat ja valitse #1 painamalla 1 ja enter(ÄLÄ tee vielä mitään muuta!!). Kopioi se loki ja lähetä tänne.

 

Done
Ja PoPuPPailu jatkuu, btw. Seuraavaksi?

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j4j6le1s1h.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{648D03E4-D9A4-F35B-2D6A-F8C10E4B2F42}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{64134A2B-6A0D-479C-9143-945BA4F6405F}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{64134A2B-6A0D-479C-9143-945BA4F6405F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64134A2B-6A0D-479C-9143-945BA4F6405F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64134A2B-6A0D-479C-9143-945BA4F6405F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64134A2B-6A0D-479C-9143-945BA4F6405F}\InprocServer32]
@="C:\\WINDOWS\\system32\\dksapi.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
ati2cqag.dll Thu 5 Jan 2006 5.05.36 A.... 237 568 232,00 K
ati2dvag.dll Thu 5 Jan 2006 5.47.00 A.... 252 928 247,00 K
ati2edxx.dll Thu 5 Jan 2006 5.41.12 A.... 40 960 40,00 K
ati2evxx.dll Thu 5 Jan 2006 5.41.00 A.... 61 440 60,00 K
ati3duag.dll Thu 5 Jan 2006 5.31.28 A.... 2 518 176 2,40 M
atiddc.dll Thu 5 Jan 2006 5.39.22 A.... 53 248 52,00 K
atidemgr.dll Thu 5 Jan 2006 4.22.04 A.... 258 048 252,00 K
atiiiexx.dll Thu 5 Jan 2006 5.19.00 A.... 307 200 300,00 K
atikvmag.dll Thu 5 Jan 2006 5.11.38 A.... 151 552 148,00 K
atioglx1.dll Thu 5 Jan 2006 5.20.06 A.... 6 684 672 6,38 M
atioglxx.dll Thu 5 Jan 2006 5.01.34 A.... 4 968 448 4,74 M
atipdlxx.dll Thu 5 Jan 2006 5.41.42 A.... 110 592 108,00 K
atitvo32.dll Thu 5 Jan 2006 5.10.58 A.... 17 408 17,00 K
ativvaxx.dll Thu 5 Jan 2006 5.25.12 A.... 862 336 842,13 K
avsda.dll Wed 18 Jan 2006 13.06.02 A.... 57 344 56,00 K
d3dx9_28.dll Mon 5 Dec 2005 18.09.18 A.... 2 323 664 2,21 M
dksapi.dll Tue 31 Jan 2006 23.10.32 ..S.R 236 327 230,79 K
iom32.dll Tue 31 Jan 2006 21.23.10 ..S.R 234 272 228,78 K
iymp.dll Tue 31 Jan 2006 21.23.16 ..S.R 234 272 228,78 K
j4j6le~1.dll Tue 31 Jan 2006 22.01.00 ..S.R 236 327 230,79 K
j8l40i~1.dll Tue 31 Jan 2006 23.10.32 ..S.R 236 765 231,21 K
oemdspif.dll Thu 5 Jan 2006 5.41.26 A.... 77 824 76,00 K
vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K
vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K
vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K
vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K
vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K
vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K
vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K
xinput~1.dll Mon 5 Dec 2005 18.07.30 A.... 61 136 59,70 K
xvidcore.dll Fri 30 Dec 2005 20.10.30 A.... 761 856 744,00 K
xvidvfw.dll Fri 30 Dec 2005 20.18.26 A.... 180 224 176,00 K
zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K
zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K

34 items found: 34 files (5 H/S), 0 directories.
Total of file sizes: 22 426 003 bytes 21,39 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 8401-2940

Directory of C:\WINDOWS\System32

01.02.2006 01:03 <DIR> dllcache
31.01.2006 23:10 236ÿ327 dksapi.dll
31.01.2006 23:10 236ÿ765 j8l40i3qe8.dll
31.01.2006 22:00 236ÿ327 j4j6le1s1h.dll
31.01.2006 21:23 234ÿ272 iymp.dll
31.01.2006 21:23 234ÿ272 iom32.dll
31.01.2006 01:16 <DIR> Microsoft
5 File(s) 1ÿ177ÿ963 bytes
2 Dir(s) 2ÿ574ÿ655ÿ488 bytes free

 

Varmaan jatkuukin, kun l2mfixiä ei ole vielä ajettu

Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen.

Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa.

Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.

 

l2mfix-loki

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 400 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 500 'winlogon.exe'
Killing PID 500 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1912 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1656 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\fpp4037qe.dll
Successfully Deleted: C:\WINDOWS\system32\fpp4037qe.dll
Deleting: C:\WINDOWS\system32\iom32.dll
Successfully Deleted: C:\WINDOWS\system32\iom32.dll
Deleting: C:\WINDOWS\system32\iymp.dll
Successfully Deleted: C:\WINDOWS\system32\iymp.dll
Deleting: C:\WINDOWS\system32\j8l40i3qe8.dll
Successfully Deleted: C:\WINDOWS\system32\j8l40i3qe8.dll
Deleting: C:\WINDOWS\system32\mxiseq.dll
Successfully Deleted: C:\WINDOWS\system32\mxiseq.dll

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j8l40i3qe8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\fpp4037qe.dll
C:\WINDOWS\system32\iom32.dll
C:\WINDOWS\system32\iymp.dll
C:\WINDOWS\system32\j8l40i3qe8.dll
C:\WINDOWS\system32\mxiseq.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{64134A2B-6A0D-479C-9143-945BA4F6405F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64134A2B-6A0D-479C-9143-945BA4F6405F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64134A2B-6A0D-479C-9143-945BA4F6405F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64134A2B-6A0D-479C-9143-945BA4F6405F}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxiseq.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{64134A2B-6A0D-479C-9143-945BA4F6405F}"=-
[-HKEY_CLASSES_ROOT\CLSID\{64134A2B-6A0D-479C-9143-945BA4F6405F}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/fpp4037qe.dll (212 bytes security) (deflated 5%)
adding: dlls/iom32.dll (212 bytes security) (deflated 4%)
adding: dlls/iymp.dll (212 bytes security) (deflated 4%)
adding: dlls/j8l40i3qe8.dll (212 bytes security) (deflated 5%)
adding: dlls/mxiseq.dll (212 bytes security) (deflated 5%)
adding: backregs/64134A2B-6A0D-479C-9143-945BA4F6405F.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (212 bytes security) (deflated 87%)
adding: backregs/shell.reg (212 bytes security) (deflated 73%)

hjt-loki

Logfile of HijackThis v1.99.1
Scan saved at 4:53:12, on 2.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\AfterFormat\utorrent.exe
C:\Documents and Settings\Admin\Desktop\AfterFormat\mplayerc-nt.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138658350841
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\j8l40i3qe8.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

thankyouverymuch! Ja Hermot Kiittää.

 

Hyvältä näyttää, lähti pois

Fixaa vielä tämä:

O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\j8l40i3qe8.dll (file missing)

Käynnistä uudelleen ja lähetä uusi HjT-loki.

 

No sun mieliksi

Logfile of HijackThis v1.99.1
Scan saved at 14:01:10, on 4.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ASUS\Probe\ASUSPROB.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Admin\Desktop\AfterFormat\mplayerc-nt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138658350841
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

Mulla taitaa olla ihan samantapainen onkelma.Yritin katella jotain vinkkejä noista aikaisemmista viesteistä mutta en saanut mitää irti.Eli mullakin pop uppeja pomppii vähän väli ja sitten kun aukaisee selaimen(mozilla) nii sivu ohjautuu itsestään jollekkin mainos sivuille yms.Eli tämmösiin ongelmiin pitäis saada vähän apuja?
laitan vielä ton hjt login:
Logfile of HijackThis v1.99.1
Scan saved at 16:02:40, on 4.2.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GAGP] C:\WINDOWS\System32\GAGP.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKLM\..\Run: [Mirsft sdce] servs.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Life FireWall Update1] FireWall-Update1.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\RunServices: [Life FireWall Update1] FireWall-Update1.exe
O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKLM\..\RunServices: [Mirsft sdce] servs.exe
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Life FireWall Update1] FireWall-Update1.exe
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{63E2047B-FCB7-4251-8AA3-2658F3C23014}: NameServer = 212.50.131.153 213.139.190.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\m628lgfu1628.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

Fixaa:

O4 - HKLM\..\Run: [GAGP] C:\WINDOWS\System32\GAGP.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKLM\..\Run: [Mirsft sdce] servs.exe
O4 - HKLM\..\Run: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\Run: [Life FireWall Update1] FireWall-Update1.exe
O4 - HKLM\..\RunServices: [Life FireWall Update1] FireWall-Update1.exe
O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKLM\..\RunServices: [Mirsft sdce] servs.exe
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - HKCU\..\Run: [Life FireWall Update1] FireWall-Update1.exe
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\m628lgfu1628.dll

Käynnistä vikasietotilaan, ja poista nämä

C:\WINDOWS\System32\GAGP.exe
C:\WINDOWS\System32\winIogon.exe HUOM!!! Tämän kanssa TODELLA tarkkana. Tässä on siis iso i kirjain keskellä. Laillisessa pieni L

Käynnistä normaalitilaan

Hae täältä -> http://www.atribune.org/downloads/l2mfix.exe l2mfix ja tallenna työpöydälle. Tuplaklikkaa sitä ja klikkaa install. Avaa l2mfix -kansio työpöydältä ja tuplaklikkaa l2mfix.bat ja valitse #1 painamalla 1 ja enter(ÄLÄ tee vielä mitään muuta!!). Kopioi se loki ja lähetä tänne.

 

Kiitti neuvoista!En löytäny tota C:\WINDOWS\System32\winIogon.exe enää sen fixauksen jälkeen!?

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hrpu0579e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A76D69E0-B875-D62C-F403-E17A849686D7}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N„yt”n CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1758B32E-2E87-411E-95F0-659C00514DF3}"=""
"{C592235A-A58C-48DC-B62C-AB7BCB2BB3F4}"=""
"{CA9EFBE9-E915-4ADA-B115-1F7E75BEC560}"=""
"{5966568C-7D19-4098-AE83-C9D46F73BD2C}"=""
"{BCF73381-7CB5-43D5-9048-1CE2471A68D4}"=""
"{3A536D8A-FBA6-4A65-9777-E1BD633285CA}"=""
"{CFA1E0E2-BF37-48CD-9F58-872A1AEB71A8}"=""
"{7E4B99A9-B84D-482B-B53E-34CD661D7DE4}"=""
"{ED578B3D-8C32-412E-9B6B-125D5997419A}"=""
"{EABD618D-E32B-4E42-B7CD-C0D5CEF8D4C6}"=""
"{5A431CDF-C97C-436C-ABD3-2C157A20323C}"=""
"{553563DE-F8D3-4330-9117-82FF449A4CC0}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8910A239-345F-4917-B5A5-480F69267EDA}"=""
"{502EFDB7-E7AB-44FC-8F9C-B519B8E0D8D0}"=""
"{416DEC8D-D387-4D43-ACBB-A1F41079FEA4}"=""
"{922B5BF5-7756-4228-B71A-039B8B8A22AE}"=""
"{7B7438AB-C7C8-4622-A4D4-033EFB8DAEB1}"=""
"{AF730DDA-AC7C-4054-BDDC-1060337C1218}"=""
"{452229D1-C11F-4F7C-B6B8-9F456A96CA8C}"=""
"{4B0A3EFE-CD45-4B85-AAAF-BF6A03AE6128}"=""
"{A1B72B3F-50F0-467B-A1FA-35F79A3DC2DC}"=""
"{802BF23C-470B-41DE-A6B0-381587EA7037}"=""
"{9592BB1B-E337-404E-9CF3-2735CD85AE67}"=""
"{A18C479B-53B1-4C66-8DFE-9E88A6E04417}"=""
"{2E03477B-F05D-47F2-A00A-15F867AACE60}"=""
"{BE3DF3FB-8B4D-4218-856D-B14691C624C8}"=""
"{C68F1017-3F12-406A-B1E6-607641395690}"=""
"{2B119913-7FA4-4B36-BE31-4A2B222D00EE}"=""
"{DD14D17A-B367-4B13-AFCE-FF0B86EA0115}"=""
"{086B79D8-C1FE-4A88-B025-1D12670386D4}"=""
"{BF570010-C329-44C4-9076-70DC09D1F657}"=""
"{FEF43FF9-8C73-45F6-8FD1-1B7CF1E91AE6}"=""
"{7D00103A-4B7C-4A92-A168-E115A4B5BB62}"=""
"{3B886085-E276-40BC-88BC-C4C2E65CFB2F}"=""
"{A905FB3E-425A-4C86-9424-BCC2F7E26CB3}"=""
"{E111B4A6-42C0-4BC6-BC9C-7171A7978740}"=""
"{86C43321-E4A9-45A4-8E68-16C30932260F}"=""
"{06005505-0EC7-483C-827F-F94B2BA27010}"=""
"{61DC2AF4-EB96-4DB7-A6B2-5C736795491E}"=""
"{2549F884-AA3F-465B-B0F1-2DC3FBBA5FDC}"=""
"{989EAC39-8B82-4278-9CA6-63874E559300}"=""
"{768ED112-0A46-41F4-BEEB-E22D89FFFCA7}"=""
"{2239C763-740F-4B97-806C-529646F59991}"=""
"{F34A41CF-EAB4-47EF-A42C-A836E83FF61D}"=""
"{4DF09495-0324-42E2-AACC-7E1A0D0ABB4A}"=""
"{2A66DD17-C378-456E-8D5E-41BB93D2FCDC}"=""
"{77239875-4AA2-4412-9308-E2D751BA476C}"=""
"{E1D27203-690B-4C7D-A388-D1A9F5D84808}"=""
"{C4CA3BE6-76A1-4C15-9A5A-0D8519C8AC4E}"=""
"{4744A88A-27F0-40FA-AE76-75D9650884E2}"=""
"{5C3A5019-70E9-4876-BF44-F6AFB0951A89}"=""
"{DB29EC55-273E-494C-BA9E-638B93144B61}"=""
"{C6F6E1E1-B213-44DB-AB5D-4D79DFB209DD}"=""
"{E88EAE69-22F3-4119-9AA5-6DB6D9C620A2}"=""
"{35A3BDF2-A729-40AB-98A8-3A0A21C2D401}"=""
"{26EF4751-8CAD-4110-8EDC-6C808BF33696}"=""
"{A3E8A66B-5D52-47AD-ADCC-451F85DB28A0}"=""
"{81E180E6-D6E9-457B-B148-6B2696E40478}"=""
"{6547E428-2EC0-4A08-AA07-299EF6FDA51F}"=""
"{97D68211-1408-461A-80AC-A15CF76AFD99}"=""
"{8AEEED30-5FF4-4874-9C71-0C42E50B42E6}"=""
"{B30D2E85-CD34-4BE6-AD46-8BE283060FF7}"=""
"{3547F6B3-CEF1-467A-AEAE-30478F77C942}"=""
"{F9819CEA-11EB-4AE0-AA39-01E59BFCDF46}"=""
"{02A454BC-4AC9-4D05-97B8-2DEB97F038A7}"=""
"{66BF9F29-5C6A-43EC-A4DB-4FBB578F63D7}"=""
"{317EE681-0BE2-45E3-9177-405F7BFAC143}"=""
"{A01A9184-A87D-44F4-8DE2-CBBD967D9324}"=""
"{5D25C076-EF64-459A-AFE9-458A789792AD}"=""
"{12DF87D4-8CA8-4C20-80A2-0C7E1B21BA13}"=""
"{4F000194-AA18-44A3-BE03-E678E123E5B1}"=""
"{4EC01F12-1D77-41A1-9947-E0A9F71B20AA}"=""
"{FA5C95FB-1E5B-4B05-B451-1B1083C6A9B1}"=""
"{DCD99A13-1B9A-4912-9A8D-85A04CA33CC6}"=""
"{5A025223-DC53-4A8D-85A0-ADFB8B2FAE9A}"=""
"{447423E8-D11B-4446-9120-7276216A40CE}"=""
"{5EC92A5A-0848-4963-BC3C-7AA14C23327B}"=""
"{238CB486-647C-4B88-9FFB-4142585F8A81}"=""
"{2F87EC4D-0115-4D77-BA2E-0C557B88D36F}"=""
"{CD74549F-60D3-44DE-AE57-22BFB5237EEA}"=""
"{16B9AF1D-E035-49F3-A0C0-A6D9BA00CDD8}"=""
"{6D0E8A2D-BAB7-4417-924F-6388797DF420}"=""
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{88B640AA-BBB5-47EF-8077-620A973AAD0B}"=""
"{CE84CD16-3D8A-424C-A652-C7382A1C0BB2}"=""
"{E8468BA0-63A8-4BBF-8D77-DCD5DC033FCB}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1758B32E-2E87-411E-95F0-659C00514DF3}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{1758B32E-2E87-411E-95F0-659C00514DF3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1758B32E-2E87-411E-95F0-659C00514DF3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1758B32E-2E87-411E-95F0-659C00514DF3}\InprocServer32]
@="C:\\WINDOWS\\system32\\AQIDDC.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C592235A-A58C-48DC-B62C-AB7BCB2BB3F4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C592235A-A58C-48DC-B62C-AB7BCB2BB3F4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C592235A-A58C-48DC-B62C-AB7BCB2BB3F4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C592235A-A58C-48DC-B62C-AB7BCB2BB3F4}\InprocServer32]
@="C:\\WINDOWS\\system32\\ayrsvc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CA9EFBE9-E915-4ADA-B115-1F7E75BEC560}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CA9EFBE9-E915-4ADA-B115-1F7E75BEC560}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CA9EFBE9-E915-4ADA-B115-1F7E75BEC560}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CA9EFBE9-E915-4ADA-B115-1F7E75BEC560}\InprocServer32]
@="C:\\WINDOWS\\system32\\rgpcfgex.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5966568C-7D19-4098-AE83-C9D46F73BD2C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5966568C-7D19-4098-AE83-C9D46F73BD2C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5966568C-7D19-4098-AE83-C9D46F73BD2C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5966568C-7D19-4098-AE83-C9D46F73BD2C}\InprocServer32]
@="C:\\WINDOWS\\system32\\fgdrclnr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BCF73381-7CB5-43D5-9048-1CE2471A68D4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BCF73381-7CB5-43D5-9048-1CE2471A68D4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BCF73381-7CB5-43D5-9048-1CE2471A68D4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BCF73381-7CB5-43D5-9048-1CE2471A68D4}\InprocServer32]
@="C:\\WINDOWS\\system32\\kldgae.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3A536D8A-FBA6-4A65-9777-E1BD633285CA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3A536D8A-FBA6-4A65-9777-E1BD633285CA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3A536D8A-FBA6-4A65-9777-E1BD633285CA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3A536D8A-FBA6-4A65-9777-E1BD633285CA}\InprocServer32]
@="C:\\WINDOWS\\system32\\wln32spl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CFA1E0E2-BF37-48CD-9F58-872A1AEB71A8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFA1E0E2-BF37-48CD-9F58-872A1AEB71A8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFA1E0E2-BF37-48CD-9F58-872A1AEB71A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFA1E0E2-BF37-48CD-9F58-872A1AEB71A8}\InprocServer32]
@="C:\\WINDOWS\\system32\\rppcfgex.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7E4B99A9-B84D-482B-B53E-34CD661D7DE4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E4B99A9-B84D-482B-B53E-34CD661D7DE4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E4B99A9-B84D-482B-B53E-34CD661D7DE4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E4B99A9-B84D-482B-B53E-34CD661D7DE4}\InprocServer32]
@="C:\\WINDOWS\\system32\\natapi32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ED578B3D-8C32-412E-9B6B-125D5997419A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED578B3D-8C32-412E-9B6B-125D5997419A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED578B3D-8C32-412E-9B6B-125D5997419A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED578B3D-8C32-412E-9B6B-125D5997419A}\InprocServer32]
@="C:\\WINDOWS\\system32\\itaapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EABD618D-E32B-4E42-B7CD-C0D5CEF8D4C6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EABD618D-E32B-4E42-B7CD-C0D5CEF8D4C6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EABD618D-E32B-4E42-B7CD-C0D5CEF8D4C6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EABD618D-E32B-4E42-B7CD-C0D5CEF8D4C6}\InprocServer32]
@="C:\\WINDOWS\\system32\\wbsdmoe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5A431CDF-C97C-436C-ABD3-2C157A20323C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A431CDF-C97C-436C-ABD3-2C157A20323C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A431CDF-C97C-436C-ABD3-2C157A20323C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A431CDF-C97C-436C-ABD3-2C157A20323C}\InprocServer32]
@="C:\\WINDOWS\\system32\\dqskadp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{553563DE-F8D3-4330-9117-82FF449A4CC0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{553563DE-F8D3-4330-9117-82FF449A4CC0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{553563DE-F8D3-4330-9117-82FF449A4CC0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{553563DE-F8D3-4330-9117-82FF449A4CC0}\InprocServer32]
@="C:\\WINDOWS\\system32\\wicsvc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8910A239-345F-4917-B5A5-480F69267EDA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8910A239-345F-4917-B5A5-480F69267EDA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8910A239-345F-4917-B5A5-480F69267EDA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8910A239-345F-4917-B5A5-480F69267EDA}\InprocServer32]
@="C:\\WINDOWS\\system32\\wen32spl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{502EFDB7-E7AB-44FC-8F9C-B519B8E0D8D0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{502EFDB7-E7AB-44FC-8F9C-B519B8E0D8D0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{502EFDB7-E7AB-44FC-8F9C-B519B8E0D8D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{502EFDB7-E7AB-44FC-8F9C-B519B8E0D8D0}\InprocServer32]
@="C:\\WINDOWS\\system32\\fhclient.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{416DEC8D-D387-4D43-ACBB-A1F41079FEA4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{416DEC8D-D387-4D43-ACBB-A1F41079FEA4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{416DEC8D-D387-4D43-ACBB-A1F41079FEA4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{416DEC8D-D387-4D43-ACBB-A1F41079FEA4}\InprocServer32]
@="C:\\WINDOWS\\system32\\irxmontr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{922B5BF5-7756-4228-B71A-039B8B8A22AE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{922B5BF5-7756-4228-B71A-039B8B8A22AE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{922B5BF5-7756-4228-B71A-039B8B8A22AE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{922B5BF5-7756-4228-B71A-039B8B8A22AE}\InprocServer32]
@="C:\\WINDOWS\\system32\\cycdll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7B7438AB-C7C8-4622-A4D4-033EFB8DAEB1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B7438AB-C7C8-4622-A4D4-033EFB8DAEB1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B7438AB-C7C8-4622-A4D4-033EFB8DAEB1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B7438AB-C7C8-4622-A4D4-033EFB8DAEB1}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkmstor.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AF730DDA-AC7C-4054-BDDC-1060337C1218}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF730DDA-AC7C-4054-BDDC-1060337C1218}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF730DDA-AC7C-4054-BDDC-1060337C1218}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF730DDA-AC7C-4054-BDDC-1060337C1218}\InprocServer32]
@="C:\\WINDOWS\\system32\\aqicap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{452229D1-C11F-4F7C-B6B8-9F456A96CA8C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{452229D1-C11F-4F7C-B6B8-9F456A96CA8C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{452229D1-C11F-4F7C-B6B8-9F456A96CA8C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{452229D1-C11F-4F7C-B6B8-9F456A96CA8C}\InprocServer32]
@="C:\\WINDOWS\\system32\\woerrFIN.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4B0A3EFE-CD45-4B85-AAAF-BF6A03AE6128}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B0A3EFE-CD45-4B85-AAAF-BF6A03AE6128}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B0A3EFE-CD45-4B85-AAAF-BF6A03AE6128}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B0A3EFE-CD45-4B85-AAAF-BF6A03AE6128}\InprocServer32]
@="C:\\WINDOWS\\system32\\ilfosoft.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A1B72B3F-50F0-467B-A1FA-35F79A3DC2DC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1B72B3F-50F0-467B-A1FA-35F79A3DC2DC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1B72B3F-50F0-467B-A1FA-35F79A3DC2DC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A1B72B3F-50F0-467B-A1FA-35F79A3DC2DC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mzwsock.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{802BF23C-470B-41DE-A6B0-381587EA7037}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{802BF23C-470B-41DE-A6B0-381587EA7037}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{802BF23C-470B-41DE-A6B0-381587EA7037}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{802BF23C-470B-41DE-A6B0-381587EA7037}\InprocServer32]
@="C:\\WINDOWS\\system32\\snrio600.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9592BB1B-E337-404E-9CF3-2735CD85AE67}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9592BB1B-E337-404E-9CF3-2735CD85AE67}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9592BB1B-E337-404E-9CF3-2735CD85AE67}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9592BB1B-E337-404E-9CF3-2735CD85AE67}\InprocServer32]
@="C:\\WINDOWS\\system32\\wontrust.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A18C479B-53B1-4C66-8DFE-9E88A6E04417}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A18C479B-53B1-4C66-8DFE-9E88A6E04417}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A18C479B-53B1-4C66-8DFE-9E88A6E04417}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A18C479B-53B1-4C66-8DFE-9E88A6E04417}\InprocServer32]
@="C:\\WINDOWS\\system32\\bqackbox.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2E03477B-F05D-47F2-A00A-15F867AACE60}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E03477B-F05D-47F2-A00A-15F867AACE60}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E03477B-F05D-47F2-A00A-15F867AACE60}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E03477B-F05D-47F2-A00A-15F867AACE60}\InprocServer32]
@="C:\\WINDOWS\\system32\\AIIDEMGR.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BE3DF3FB-8B4D-4218-856D-B14691C624C8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE3DF3FB-8B4D-4218-856D-B14691C624C8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE3DF3FB-8B4D-4218-856D-B14691C624C8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE3DF3FB-8B4D-4218-856D-B14691C624C8}\InprocServer32]
@="C:\\WINDOWS\\system32\\kvrberos.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C68F1017-3F12-406A-B1E6-607641395690}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C68F1017-3F12-406A-B1E6-607641395690}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C68F1017-3F12-406A-B1E6-607641395690}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C68F1017-3F12-406A-B1E6-607641395690}\InprocServer32]
@="C:\\WINDOWS\\system32\\lmcmgr10.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2B119913-7FA4-4B36-BE31-4A2B222D00EE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B119913-7FA4-4B36-BE31-4A2B222D00EE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B119913-7FA4-4B36-BE31-4A2B222D00EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B119913-7FA4-4B36-BE31-4A2B222D00EE}\InprocServer32]
@="C:\\WINDOWS\\system32\\noprint.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DD14D17A-B367-4B13-AFCE-FF0B86EA0115}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DD14D17A-B367-4B13-AFCE-FF0B86EA0115}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DD14D17A-B367-4B13-AFCE-FF0B86EA0115}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DD14D17A-B367-4B13-AFCE-FF0B86EA0115}\InprocServer32]
@="C:\\WINDOWS\\system32\\ibfgnt5.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{086B79D8-C1FE-4A88-B025-1D12670386D4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{086B79D8-C1FE-4A88-B025-1D12670386D4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{086B79D8-C1FE-4A88-B025-1D12670386D4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{086B79D8-C1FE-4A88-B025-1D12670386D4}\InprocServer32]
@="C:\\WINDOWS\\system32\\nqmkcert.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BF570010-C329-44C4-9076-70DC09D1F657}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BF570010-C329-44C4-9076-70DC09D1F657}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BF570010-C329-44C4-9076-70DC09D1F657}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BF570010-C329-44C4-9076-70DC09D1F657}\InprocServer32]
@="C:\\WINDOWS\\system32\\ravpmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FEF43FF9-8C73-45F6-8FD1-1B7CF1E91AE6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FEF43FF9-8C73-45F6-8FD1-1B7CF1E91AE6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FEF43FF9-8C73-45F6-8FD1-1B7CF1E91AE6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FEF43FF9-8C73-45F6-8FD1-1B7CF1E91AE6}\InprocServer32]
@="C:\\WINDOWS\\system32\\bYsesrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7D00103A-4B7C-4A92-A168-E115A4B5BB62}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7D00103A-4B7C-4A92-A168-E115A4B5BB62}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7D00103A-4B7C-4A92-A168-E115A4B5BB62}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7D00103A-4B7C-4A92-A168-E115A4B5BB62}\InprocServer32]
@="C:\\WINDOWS\\system32\\rJstls.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3B886085-E276-40BC-88BC-C4C2E65CFB2F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B886085-E276-40BC-88BC-C4C2E65CFB2F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B886085-E276-40BC-88BC-C4C2E65CFB2F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B886085-E276-40BC-88BC-C4C2E65CFB2F}\InprocServer32]
@="C:\\WINDOWS\\system32\\nmmsdba.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A905FB3E-425A-4C86-9424-BCC2F7E26CB3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A905FB3E-425A-4C86-9424-BCC2F7E26CB3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A905FB3E-425A-4C86-9424-BCC2F7E26CB3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A905FB3E-425A-4C86-9424-BCC2F7E26CB3}\InprocServer32]
@="C:\\WINDOWS\\system32\\djusic.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E111B4A6-42C0-4BC6-BC9C-7171A7978740}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E111B4A6-42C0-4BC6-BC9C-7171A7978740}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E111B4A6-42C0-4BC6-BC9C-7171A7978740}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E111B4A6-42C0-4BC6-BC9C-7171A7978740}\InprocServer32]
@="C:\\WINDOWS\\system32\\mojint40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{86C43321-E4A9-45A4-8E68-16C30932260F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{86C43321-E4A9-45A4-8E68-16C30932260F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{86C43321-E4A9-45A4-8E68-16C30932260F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{86C43321-E4A9-45A4-8E68-16C30932260F}\InprocServer32]
@="C:\\WINDOWS\\system32\\myastmib.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{06005505-0EC7-483C-827F-F94B2BA27010}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06005505-0EC7-483C-827F-F94B2BA27010}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06005505-0EC7-483C-827F-F94B2BA27010}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06005505-0EC7-483C-827F-F94B2BA27010}\InprocServer32]
@="C:\\WINDOWS\\system32\\wtvcore2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{61DC2AF4-EB96-4DB7-A6B2-5C736795491E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{61DC2AF4-EB96-4DB7-A6B2-5C736795491E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{61DC2AF4-EB96-4DB7-A6B2-5C736795491E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{61DC2AF4-EB96-4DB7-A6B2-5C736795491E}\InprocServer32]
@="C:\\WINDOWS\\system32\\wgaueng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2549F884-AA3F-465B-B0F1-2DC3FBBA5FDC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2549F884-AA3F-465B-B0F1-2DC3FBBA5FDC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2549F884-AA3F-465B-B0F1-2DC3FBBA5FDC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2549F884-AA3F-465B-B0F1-2DC3FBBA5FDC}\InprocServer32]
@="C:\\WINDOWS\\system32\\InagXpr5.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{989EAC39-8B82-4278-9CA6-63874E559300}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{989EAC39-8B82-4278-9CA6-63874E559300}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{989EAC39-8B82-4278-9CA6-63874E559300}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{989EAC39-8B82-4278-9CA6-63874E559300}\InprocServer32]
@="C:\\WINDOWS\\system32\\ripcfgex.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{768ED112-0A46-41F4-BEEB-E22D89FFFCA7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{768ED112-0A46-41F4-BEEB-E22D89FFFCA7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{768ED112-0A46-41F4-BEEB-E22D89FFFCA7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{768ED112-0A46-41F4-BEEB-E22D89FFFCA7}\InprocServer32]
@="C:\\WINDOWS\\system32\\cwbjmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2239C763-740F-4B97-806C-529646F59991}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2239C763-740F-4B97-806C-529646F59991}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2239C763-740F-4B97-806C-529646F59991}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2239C763-740F-4B97-806C-529646F59991}\InprocServer32]
@="C:\\WINDOWS\\system32\\snlwoa.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F34A41CF-EAB4-47EF-A42C-A836E83FF61D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F34A41CF-EAB4-47EF-A42C-A836E83FF61D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F34A41CF-EAB4-47EF-A42C-A836E83FF61D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F34A41CF-EAB4-47EF-A42C-A836E83FF61D}\InprocServer32]
@="C:\\WINDOWS\\system32\\awmeter.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4DF09495-0324-42E2-AACC-7E1A0D0ABB4A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DF09495-0324-42E2-AACC-7E1A0D0ABB4A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DF09495-0324-42E2-AACC-7E1A0D0ABB4A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DF09495-0324-42E2-AACC-7E1A0D0ABB4A}\InprocServer32]
@="C:\\WINDOWS\\system32\\dHtaclen.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2A66DD17-C378-456E-8D5E-41BB93D2FCDC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2A66DD17-C378-456E-8D5E-41BB93D2FCDC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2A66DD17-C378-456E-8D5E-41BB93D2FCDC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2A66DD17-C378-456E-8D5E-41BB93D2FCDC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mtcat32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{77239875-4AA2-4412-9308-E2D751BA476C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77239875-4AA2-4412-9308-E2D751BA476C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77239875-4AA2-4412-9308-E2D751BA476C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77239875-4AA2-4412-9308-E2D751BA476C}\InprocServer32]
@="C:\\WINDOWS\\system32\\irrnonce.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E1D27203-690B-4C7D-A388-D1A9F5D84808}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1D27203-690B-4C7D-A388-D1A9F5D84808}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1D27203-690B-4C7D-A388-D1A9F5D84808}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1D27203-690B-4C7D-A388-D1A9F5D84808}\InprocServer32]
@="C:\\WINDOWS\\system32\\mggsvc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C4CA3BE6-76A1-4C15-9A5A-0D8519C8AC4E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4CA3BE6-76A1-4C15-9A5A-0D8519C8AC4E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4CA3BE6-76A1-4C15-9A5A-0D8519C8AC4E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4CA3BE6-76A1-4C15-9A5A-0D8519C8AC4E}\InprocServer32]
@="C:\\WINDOWS\\system32\\cymsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4744A88A-27F0-40FA-AE76-75D9650884E2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4744A88A-27F0-40FA-AE76-75D9650884E2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4744A88A-27F0-40FA-AE76-75D9650884E2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4744A88A-27F0-40FA-AE76-75D9650884E2}\InprocServer32]
@="C:\\WINDOWS\\system32\\wxcsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5C3A5019-70E9-4876-BF44-F6AFB0951A89}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C3A5019-70E9-4876-BF44-F6AFB0951A89}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C3A5019-70E9-4876-BF44-F6AFB0951A89}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C3A5019-70E9-4876-BF44-F6AFB0951A89}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjjint40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DB29EC55-273E-494C-BA9E-638B93144B61}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DB29EC55-273E-494C-BA9E-638B93144B61}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DB29EC55-273E-494C-BA9E-638B93144B61}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DB29EC55-273E-494C-BA9E-638B93144B61}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjrclr40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C6F6E1E1-B213-44DB-AB5D-4D79DFB209DD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F6E1E1-B213-44DB-AB5D-4D79DFB209DD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F6E1E1-B213-44DB-AB5D-4D79DFB209DD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F6E1E1-B213-44DB-AB5D-4D79DFB209DD}\InprocServer32]
@="C:\\WINDOWS\\system32\\mtcsubs.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E88EAE69-22F3-4119-9AA5-6DB6D9C620A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E88EAE69-22F3-4119-9AA5-6DB6D9C620A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E88EAE69-22F3-4119-9AA5-6DB6D9C620A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E88EAE69-22F3-4119-9AA5-6DB6D9C620A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\dwband.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{35A3BDF2-A729-40AB-98A8-3A0A21C2D401}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35A3BDF2-A729-40AB-98A8-3A0A21C2D401}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35A3BDF2-A729-40AB-98A8-3A0A21C2D401}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35A3BDF2-A729-40AB-98A8-3A0A21C2D401}\InprocServer32]
@="C:\\WINDOWS\\system32\\hxtplug.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{26EF4751-8CAD-4110-8EDC-6C808BF33696}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{26EF4751-8CAD-4110-8EDC-6C808BF33696}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{26EF4751-8CAD-4110-8EDC-6C808BF33696}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{26EF4751-8CAD-4110-8EDC-6C808BF33696}\InprocServer32]
@="C:\\WINDOWS\\system32\\dprgsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A3E8A66B-5D52-47AD-ADCC-451F85DB28A0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3E8A66B-5D52-47AD-ADCC-451F85DB28A0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3E8A66B-5D52-47AD-ADCC-451F85DB28A0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3E8A66B-5D52-47AD-ADCC-451F85DB28A0}\InprocServer32]
@="C:\\WINDOWS\\system32\\iopromon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{81E180E6-D6E9-457B-B148-6B2696E40478}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81E180E6-D6E9-457B-B148-6B2696E40478}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81E180E6-D6E9-457B-B148-6B2696E40478}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81E180E6-D6E9-457B-B148-6B2696E40478}\InprocServer32]
@="C:\\WINDOWS\\system32\\rHsadhlp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6547E428-2EC0-4A08-AA07-299EF6FDA51F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6547E428-2EC0-4A08-AA07-299EF6FDA51F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6547E428-2EC0-4A08-AA07-299EF6FDA51F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6547E428-2EC0-4A08-AA07-299EF6FDA51F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ihagehlp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{97D68211-1408-461A-80AC-A15CF76AFD99}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{97D68211-1408-461A-80AC-A15CF76AFD99}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{97D68211-1408-461A-80AC-A15CF76AFD99}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{97D68211-1408-461A-80AC-A15CF76AFD99}\InprocServer32]
@="C:\\WINDOWS\\system32\\cbcdll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8AEEED30-5FF4-4874-9C71-0C42E50B42E6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8AEEED30-5FF4-4874-9C71-0C42E50B42E6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8AEEED30-5FF4-4874-9C71-0C42E50B42E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8AEEED30-5FF4-4874-9C71-0C42E50B42E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\otbc32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B30D2E85-CD34-4BE6-AD46-8BE283060FF7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B30D2E85-CD34-4BE6-AD46-8BE283060FF7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B30D2E85-CD34-4BE6-AD46-8BE283060FF7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B30D2E85-CD34-4BE6-AD46-8BE283060FF7}\InprocServer32]
@="C:\\WINDOWS\\system32\\dprgui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3547F6B3-CEF1-467A-AEAE-30478F77C942}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3547F6B3-CEF1-467A-AEAE-30478F77C942}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3547F6B3-CEF1-467A-AEAE-30478F77C942}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3547F6B3-CEF1-467A-AEAE-30478F77C942}\InprocServer32]
@="C:\\WINDOWS\\system32\\prgfilt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F9819CEA-11EB-4AE0-AA39-01E59BFCDF46}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9819CEA-11EB-4AE0-AA39-01E59BFCDF46}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9819CEA-11EB-4AE0-AA39-01E59BFCDF46}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9819CEA-11EB-4AE0-AA39-01E59BFCDF46}\InprocServer32]
@="C:\\WINDOWS\\system32\\kndhe220.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{02A454BC-4AC9-4D05-97B8-2DEB97F038A7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{02A454BC-4AC9-4D05-97B8-2DEB97F038A7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{02A454BC-4AC9-4D05-97B8-2DEB97F038A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{02A454BC-4AC9-4D05-97B8-2DEB97F038A7}\InprocServer32]
@="C:\\WINDOWS\\system32\\uynphost.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{66BF9F29-5C6A-43EC-A4DB-4FBB578F63D7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{66BF9F29-5C6A-43EC-A4DB-4FBB578F63D7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{66BF9F29-5C6A-43EC-A4DB-4FBB578F63D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{66BF9F29-5C6A-43EC-A4DB-4FBB578F63D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\mrvbvm50.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{317EE681-0BE2-45E3-9177-405F7BFAC143}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{317EE681-0BE2-45E3-9177-405F7BFAC143}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{317EE681-0BE2-45E3-9177-405F7BFAC143}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{317EE681-0BE2-45E3-9177-405F7BFAC143}\InprocServer32]
@="C:\\WINDOWS\\system32\\otengl32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A01A9184-A87D-44F4-8DE2-CBBD967D9324}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A01A9184-A87D-44F4-8DE2-CBBD967D9324}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A01A9184-A87D-44F4-8DE2-CBBD967D9324}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A01A9184-A87D-44F4-8DE2-CBBD967D9324}\InprocServer32]
@="C:\\WINDOWS\\system32\\szfolder.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5D25C076-EF64-459A-AFE9-458A789792AD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D25C076-EF64-459A-AFE9-458A789792AD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D25C076-EF64-459A-AFE9-458A789792AD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D25C076-EF64-459A-AFE9-458A789792AD}\InprocServer32]
@="C:\\WINDOWS\\system32\\kgdtat.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{12DF87D4-8CA8-4C20-80A2-0C7E1B21BA13}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{12DF87D4-8CA8-4C20-80A2-0C7E1B21BA13}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{12DF87D4-8CA8-4C20-80A2-0C7E1B21BA13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{12DF87D4-8CA8-4C20-80A2-0C7E1B21BA13}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxtlsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4F000194-AA18-44A3-BE03-E678E123E5B1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F000194-AA18-44A3-BE03-E678E123E5B1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F000194-AA18-44A3-BE03-E678E123E5B1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F000194-AA18-44A3-BE03-E678E123E5B1}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4EC01F12-1D77-41A1-9947-E0A9F71B20AA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4EC01F12-1D77-41A1-9947-E0A9F71B20AA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4EC01F12-1D77-41A1-9947-E0A9F71B20AA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4EC01F12-1D77-41A1-9947-E0A9F71B20AA}\InprocServer32]
@="C:\\WINDOWS\\system32\\trflog.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FA5C95FB-1E5B-4B05-B451-1B1083C6A9B1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FA5C95FB-1E5B-4B05-B451-1B1083C6A9B1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FA5C95FB-1E5B-4B05-B451-1B1083C6A9B1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FA5C95FB-1E5B-4B05-B451-1B1083C6A9B1}\InprocServer32]
@="C:\\WINDOWS\\system32\\decpmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DCD99A13-1B9A-4912-9A8D-85A04CA33CC6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCD99A13-1B9A-4912-9A8D-85A04CA33CC6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCD99A13-1B9A-4912-9A8D-85A04CA33CC6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCD99A13-1B9A-4912-9A8D-85A04CA33CC6}\InprocServer32]
@="C:\\WINDOWS\\system32\\fhp8037ue.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5A025223-DC53-4A8D-85A0-ADFB8B2FAE9A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A025223-DC53-4A8D-85A0-ADFB8B2FAE9A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A025223-DC53-4A8D-85A0-ADFB8B2FAE9A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A025223-DC53-4A8D-85A0-ADFB8B2FAE9A}\InprocServer32]
@="C:\\WINDOWS\\system32\\sfnceng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{447423E8-D11B-4446-9120-7276216A40CE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{447423E8-D11B-4446-9120-7276216A40CE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{447423E8-D11B-4446-9120-7276216A40CE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{447423E8-D11B-4446-9120-7276216A40CE}\InprocServer32]
@="C:\\WINDOWS\\system32\\vprifier.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5EC92A5A-0848-4963-BC3C-7AA14C23327B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5EC92A5A-0848-4963-BC3C-7AA14C23327B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5EC92A5A-0848-4963-BC3C-7AA14C23327B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5EC92A5A-0848-4963-BC3C-7AA14C23327B}\InprocServer32]
@="C:\\WINDOWS\\system32\\opbcp32r.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{238CB486-647C-4B88-9FFB-4142585F8A81}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{238CB486-647C-4B88-9FFB-4142585F8A81}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{238CB486-647C-4B88-9FFB-4142585F8A81}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{238CB486-647C-4B88-9FFB-4142585F8A81}\InprocServer32]
@="C:\\WINDOWS\\system32\\moiole16.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2F87EC4D-0115-4D77-BA2E-0C557B88D36F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F87EC4D-0115-4D77-BA2E-0C557B88D36F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F87EC4D-0115-4D77-BA2E-0C557B88D36F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F87EC4D-0115-4D77-BA2E-0C557B88D36F}\InprocServer32]
@="C:\\WINDOWS\\system32\\bfowsewm.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CD74549F-60D3-44DE-AE57-22BFB5237EEA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CD74549F-60D3-44DE-AE57-22BFB5237EEA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CD74549F-60D3-44DE-AE57-22BFB5237EEA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CD74549F-60D3-44DE-AE57-22BFB5237EEA}\InprocServer32]
@="C:\\WINDOWS\\system32\\ibwdial.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{16B9AF1D-E035-49F3-A0C0-A6D9BA00CDD8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16B9AF1D-E035-49F3-A0C0-A6D9BA00CDD8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16B9AF1D-E035-49F3-A0C0-A6D9BA00CDD8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16B9AF1D-E035-49F3-A0C0-A6D9BA00CDD8}\InprocServer32]
@="C:\\WINDOWS\\system32\\nTrrhook.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6D0E8A2D-BAB7-4417-924F-6388797DF420}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D0E8A2D-BAB7-4417-924F-6388797DF420}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D0E8A2D-BAB7-4417-924F-6388797DF420}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D0E8A2D-BAB7-4417-924F-6388797DF420}\InprocServer32]
@="C:\\WINDOWS\\system32\\hQ23msp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{88B640AA-BBB5-47EF-8077-620A973AAD0B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88B640AA-BBB5-47EF-8077-620A973AAD0B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88B640AA-BBB5-47EF-8077-620A973AAD0B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88B640AA-BBB5-47EF-8077-620A973AAD0B}\InprocServer32]
@="C:\\WINDOWS\\system32\\amitvo32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CE84CD16-3D8A-424C-A652-C7382A1C0BB2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE84CD16-3D8A-424C-A652-C7382A1C0BB2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE84CD16-3D8A-424C-A652-C7382A1C0BB2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE84CD16-3D8A-424C-A652-C7382A1C0BB2}\InprocServer32]
@="C:\\WINDOWS\\system32\\pfrfdisk.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E8468BA0-63A8-4BBF-8D77-DCD5DC033FCB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8468BA0-63A8-4BBF-8D77-DCD5DC033FCB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8468BA0-63A8-4BBF-8D77-DCD5DC033FCB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8468BA0-63A8-4BBF-8D77-DCD5DC033FCB}\InprocServer32]
@="C:\\WINDOWS\\system32\\sfi_ci.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
amitvo32.dll Sat 4 Feb 2006 18.03.12 ..S.R 234 546 229,05 K
bfowsewm.dll Fri 3 Feb 2006 21.09.26 ..S.R 235 860 230,33 K
gp04l3~1.dll Thu 2 Feb 2006 22.41.58 ..S.R 236 829 231,28 K
hq23msp.dll Sat 4 Feb 2006 15.29.02 ..S.R 234 139 228,65 K
hrpu05~1.dll Sat 4 Feb 2006 18.14.00 ..S.R 235 521 230,00 K
ibwdial.dll Sat 4 Feb 2006 14.46.38 ..S.R 236 949 231,39 K
irjol5~1.dll Thu 2 Feb 2006 22.33.18 ..S.R 236 934 231,38 K
ktnml7~1.dll Thu 5 Jan 2006 18.15.38 A.... 236 854 231,30 K
moiole16.dll Thu 2 Feb 2006 22.41.54 ..S.R 235 860 230,33 K
mv8ol9~1.dll Thu 2 Feb 2006 21.49.28 ..S.R 237 048 231,49 K
n2p4lc~1.dll Thu 2 Feb 2006 21.49.24 ..S.R 237 332 231,77 K
n46q0e~1.dll Sat 4 Feb 2006 18.19.10 ..S.R 236 085 230,55 K
ntrrhook.dll Sat 4 Feb 2006 14.55.20 ..S.R 235 860 230,33 K
pfrfdisk.dll Sat 4 Feb 2006 18.19.10 ..S.R 235 521 230,00 K
s32evnt1.dll Thu 1 Dec 2005 12.14.20 A.... 86 091 84,07 K
sfi_ci.dll Sat 4 Feb 2006 18.14.00 ..S.R 234 546 229,05 K
vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K
vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K
vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K
vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K
vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K
vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K
vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K
zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K
zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K

25 items found: 25 files (14 H/S), 0 directories.
Total of file sizes: 4 887 391 bytes 4,66 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sat 4 Feb 2006 18.19.14 A.... 235 786 230,26 K

1 item found: 1 file, 0 directories.
Total of file sizes: 235 786 bytes 230,26 K
**********************************************************************************
Directory Listing of system files:
Asemalla C ei ole nime„.
Aseman sarjanumero on 6C95-49E5

Kansio C:\WINDOWS\System32

04.02.2006 18:19 235ÿ521 pfrfdisk.dll
04.02.2006 18:19 236ÿ085 n46q0ej5eho.dll
04.02.2006 18:13 234ÿ546 sfi_ci.dll
04.02.2006 18:13 235ÿ521 hrpu0579e.dll
04.02.2006 18:03 234ÿ546 amitvo32.dll
04.02.2006 15:29 234ÿ139 hQ23msp.dll
04.02.2006 14:55 235ÿ860 nTrrhook.dll
04.02.2006 14:46 236ÿ949 ibwdial.dll
03.02.2006 21:09 235ÿ860 bfowsewm.dll
02.02.2006 22:41 236ÿ829 gp04l3dq1.dll
02.02.2006 22:41 235ÿ860 moiole16.dll
02.02.2006 22:33 236ÿ934 irjol5131.dll
02.02.2006 21:49 237ÿ048 mv8ol9l31.dll
02.02.2006 21:49 237ÿ332 n2p4lc7q1f.dll
20.01.2006 09:17 93ÿ184 mfs.exe
23.12.2005 15:52 <KANSIO> dllcache
15.11.2005 22:19 <KANSIO> Microsoft
15 tiedosto(a) 3ÿ396ÿ214 tavua
2 kansio(ta) 3ÿ846ÿ623ÿ232 tavua vapaana

 

Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen.

Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa.

Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.

 

Tuo l2mfix systeemi ei ottanut onnistuakseen;kaikki meni by the book siihen asti että kone käynnistyi uudestaan.Kuvakkeet ei hävinny eikä lokiakaan näkynyt ja second.bat sanoo että

 

Jaahans.... Eipä ole ennen sattunut tuollaistakaan vastaan. Kokeile ensin vaikkapa skannata Ewidolla vikasietotilassa. Päivitä se ensin normaalitilassa > http://keskustelu.afterdawn.com/thread_view.cfm/269186

Ja jotta tuo filu, mitä et viimeksi löytänyt löytyisi nyt niin laita piilotiedostot näkyviin. En muistanut aiemmin siitä mainita. > http://keskustelu.afterdawn.com/thread_view.cfm/248944

Kun olet skannin tehnyt, ja poistanut sen filun boottaa normaalitilaan. Kokeile uudestaan sitä l2mfixiä

 

Ei löydy sitä filua vaikka piilotiedostot on näkyvissä ja l2mfix ei toimi edelleenkään,vaikka scannit on suoritettu!?missä vika?

 

Laitan viestiä mua pätevämmille eteenpäin. Minulla menee sormi suuhun....

 

koitetaa uuestaan

ensiksi klikkaa käynnistä> suorita> kirjota services.msc ja paina enter
eti palvelu toissijainen kirjautuminen( seclogon)
tuplaklikkaa sitä jotta pääset sen ominaisuussivulle, valitte käynnistystavaksi automaattinen, lisäksi klikkaa "käynnistä palvelu" nappia

sitte avaa l2mefix kansio, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter
sitte et painakkaa mitään ennenkuin l2mefix ilmottaa että press any key to reboot

uudelleenkäynnistykse jälkeen pitäs lokin aueta. paa se tänne

 

Joo näytti olevan tuo palvelu jo valmiina päällä,mutta sammutin ja laitoin uudestaan päälle.Ei mitään muutosta lokin kanssa ja second.bat valittaa edelleen samaa.Mikähän lie vikana.

 

no second.battia ei oo tarkotus laittaa yksin, vaan aina l2mefixin kautta

onko siell l2mefix kansiossa log2.txt, paa tänne

 

ja todellakin, sen jälkeen kun oot painanu 2 ja enter ei saa koskee mihinkään näppäimeen!!=> kunnes sanotaan press any key to reboot now

alotetaan alusta, laita hijackthis loki ja l2mefix vaihtoehto 1 loki
laita myös se log 2 txt jos se löytyy