Host-tiedoston kaappaus

Kerkisitkin jo vastata kun kirjoittelin postia sulle tuolla toisella foorumilla. Katso yksityisviesti.
.
.

Ei onnistunut. Tulee jokin virheilmoitus kun yritän fixata. Ota yhteys ilmeisesti ohjelman valmistajaan blaa blaa blaa...

En tiedä mitäs nyt sitten tehdä

roosamarika kirjoitti:

Ei onnistunut. Tulee jokin virheilmoitus kun yritän fixata. Ota yhteys ilmeisesti ohjelman valmistajaan blaa blaa blaa...

En tiedä mitäs nyt sitten tehdä

Saikko ton tehtyä

Avaa se ja pistä täppi kohtaan

I know what I´m doing

Sitte siirrät kaikki nuo oikealle puolelle sillä nuolinäppäimellä ja paina Finish.

aklsp.dll


Mää vastaan kohta uudestaan,että miten jatketaan.

Juu kirjoitti:

Saikko ton tehtyä

Avaa se ja pistä täppi kohtaan

I know what I´m doing

Sitte siirrät kaikki nuo oikealle puolelle sillä nuolinäppäimellä ja paina Finish.

aklsp.dll


Mää vastaan kohta uudestaan,että miten jatketaan.

Lue lisää

Ota tosta l2mfix.exe.

http://www.atribune.org/downloads/l2mfix.exe


Säästä se työpöydälle ja tuplaklikkaa sitä ja ensin Accept ja sitte Install
Työpöydälle ilmestyy l2mfix kansio.
Avaa se ja tuplaklikkaa l2mfix.bat
Valitse kohta 1 eli näppäät ykkösen ja Enter
Anna sen scannata valmiiks ja pistä ulostuleva logi tänne.

> Oliko tarkoitus tehdä se 2. siitä? <

Turhaa kai näitä ohjeita yrittää pistää,jos niitä ei lueta.

Avaa se ja tuplaklikkaa l2mfix.bat
Valitse kohta 1 eli näppäät ykkösen ja Enter
Anna sen scannata valmiiks ja pistä ulostuleva logi tänne.

Juu kirjoitti:

> Oliko tarkoitus tehdä se 2. siitä? <

Turhaa kai näitä ohjeita yrittää pistää,jos niitä ei lueta.

Avaa se ja tuplaklikkaa l2mfix.bat
Valitse kohta 1 eli näppäät ykkösen ja Enter
Anna sen scannata valmiiks ja pistä ulostuleva logi tänne.

Lue lisää

L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
akcore.dll Fri 11 Feb 2005 15.42.40 A.... 188 416 184,00 K
aklsp.dll Fri 11 Feb 2005 15.42.46 A.... 196 608 192,00 K
akrules.dll Fri 11 Feb 2005 15.42.42 A.... 110 592 108,00 K
akupd.dll Fri 11 Feb 2005 15.41.20 A.... 155 648 152,00 K
hypertrm.dll Wed 17 Nov 2004 19.57.38 A.... 496 128 484,50 K
itss.dll Mon 17 Jan 2005 18.34.40 A.... 123 392 120,50 K
mstask.dll Mon 17 Jan 2005 18.35.00 A.... 261 632 255,50 K
netapi32.dll Mon 17 Jan 2005 18.35.00 A.... 306 688 299,50 K
s32evnt1.dll Mon 20 Dec 2004 18.58.18 A.... 83 664 81,70 K
schedsvc.dll Mon 17 Jan 2005 18.35.00 A.... 172 544 168,50 K
spmsg.dll Tue 30 Nov 2004 14.29.56 ..... 7 168 7,00 K
sporder.dll Fri 11 Feb 2005 15.42.44 A.... 8 464 8,27 K
symneti.dll Fri 21 Jan 2005 22.31.54 A.... 513 752 501,71 K
symredir.dll Fri 21 Jan 2005 22.31.52 A.... 141 016 137,71 K
user32.dll Wed 29 Dec 2004 3.32.56 A.... 574 976 561,50 K
vsdata.dll Wed 26 Jan 2005 4.22.16 A.... 75 536 73,77 K
vsinit.dll Wed 26 Jan 2005 4.22.28 A.... 124 688 121,77 K
vsmonapi.dll Wed 26 Jan 2005 4.22.36 A.... 108 312 105,77 K
vspubapi.dll Wed 26 Jan 2005 4.22.40 A.... 198 424 193,77 K
vsregexp.dll Wed 26 Jan 2005 4.22.44 A.... 71 448 69,77 K
vsutil.dll Wed 26 Jan 2005 4.22.56 A.... 354 064 345,77 K
vsxml.dll Wed 26 Jan 2005 4.23.04 A.... 100 112 97,77 K
zlcomm.dll Wed 26 Jan 2005 4.23.24 A.... 75 536 73,77 K
zlcommdb.dll Wed 26 Jan 2005 4.23.28 A.... 67 352 65,77 K

24 items found: 24 files, 0 directories.
Total of file sizes: 4 516 160 bytes 4,30 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32

15.02.2005 16:40 dllcache
16.01.2005 10:29 Microsoft
16.01.2005 10:28 32 {45216ADF-522B-4978-AD8F-7D3243201583}.dat
1 tiedosto(a) 32 tavua
2 kansio(ta) 14ÿ846ÿ820ÿ352 tavua vapaana

roosamarika kirjoitti:

L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
akcore.dll Fri 11 Feb 2005 15.42.40 A.... 188 416 184,00 K
aklsp.dll Fri 11 Feb 2005 15.42.46 A.... 196 608 192,00 K
akrules.dll Fri 11 Feb 2005 15.42.42 A.... 110 592 108,00 K
akupd.dll Fri 11 Feb 2005 15.41.20 A.... 155 648 152,00 K
hypertrm.dll Wed 17 Nov 2004 19.57.38 A.... 496 128 484,50 K
itss.dll Mon 17 Jan 2005 18.34.40 A.... 123 392 120,50 K
mstask.dll Mon 17 Jan 2005 18.35.00 A.... 261 632 255,50 K
netapi32.dll Mon 17 Jan 2005 18.35.00 A.... 306 688 299,50 K
s32evnt1.dll Mon 20 Dec 2004 18.58.18 A.... 83 664 81,70 K
schedsvc.dll Mon 17 Jan 2005 18.35.00 A.... 172 544 168,50 K
spmsg.dll Tue 30 Nov 2004 14.29.56 ..... 7 168 7,00 K
sporder.dll Fri 11 Feb 2005 15.42.44 A.... 8 464 8,27 K
symneti.dll Fri 21 Jan 2005 22.31.54 A.... 513 752 501,71 K
symredir.dll Fri 21 Jan 2005 22.31.52 A.... 141 016 137,71 K
user32.dll Wed 29 Dec 2004 3.32.56 A.... 574 976 561,50 K
vsdata.dll Wed 26 Jan 2005 4.22.16 A.... 75 536 73,77 K
vsinit.dll Wed 26 Jan 2005 4.22.28 A.... 124 688 121,77 K
vsmonapi.dll Wed 26 Jan 2005 4.22.36 A.... 108 312 105,77 K
vspubapi.dll Wed 26 Jan 2005 4.22.40 A.... 198 424 193,77 K
vsregexp.dll Wed 26 Jan 2005 4.22.44 A.... 71 448 69,77 K
vsutil.dll Wed 26 Jan 2005 4.22.56 A.... 354 064 345,77 K
vsxml.dll Wed 26 Jan 2005 4.23.04 A.... 100 112 97,77 K
zlcomm.dll Wed 26 Jan 2005 4.23.24 A.... 75 536 73,77 K
zlcommdb.dll Wed 26 Jan 2005 4.23.28 A.... 67 352 65,77 K

24 items found: 24 files, 0 directories.
Total of file sizes: 4 516 160 bytes 4,30 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32

15.02.2005 16:40 dllcache
16.01.2005 10:29 Microsoft
16.01.2005 10:28 32 {45216ADF-522B-4978-AD8F-7D3243201583}.dat
1 tiedosto(a) 32 tavua
2 kansio(ta) 14ÿ846ÿ820ÿ352 tavua vapaana

Lue lisää

Jos sulla on jotain extraa siinä auki,niin sammuta jo valmiiks,koska kone käynnistyy uudestaan suraavassa operaatiossa.

Avaa l2mfix kansio ja tuplaklikkaa l2mfix.bat
valitse kohta 2 eli näppäät 2 ja Enter
Sitte paina vaan jotain näppäintä ja kone käynnistyy vissiin uudestaan.
Kun kone on käynnistynny uudestaan,niin se jatkaa scannausta ja kun se on valmis,niin tulee taas logi ulos.
Pistä se logi tänne ja uus Hijack logi.

Juu kirjoitti:

Jos sulla on jotain extraa siinä auki,niin sammuta jo valmiiks,koska kone käynnistyy uudestaan suraavassa operaatiossa.

Avaa l2mfix kansio ja tuplaklikkaa l2mfix.bat
valitse kohta 2 eli näppäät 2 ja Enter
Sitte paina vaan jotain näppäintä ja kone käynnistyy vissiin uudestaan.
Kun kone on käynnistynny uudestaan,niin se jatkaa scannausta ja kun se on valmis,niin tulee taas logi ulos.
Pistä se logi tänne ja uus Hijack logi.

Lue lisää

C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Killing PID 1120 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
updating: clear.reg (188 bytes security) (deflated 2%)
updating: lo2.txt (188 bytes security) (deflated 48%)
updating: test.txt (188 bytes security) (stored 0%)
updating: test2.txt (188 bytes security) (stored 0%)
updating: test3.txt (188 bytes security) (stored 0%)
updating: test5.txt (188 bytes security) (stored 0%)
adding: log.txt (188 bytes security) (deflated 76%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read    BUILTIN\K„ytt„j„t
(ID-IO) ALLOW Read    BUILTIN\K„ytt„j„t
(ID-NI) ALLOW Read    BUILTIN\Tehok„ytt„j„t
(ID-IO) ALLOW Read    BUILTIN\Tehok„ytt„j„t
(ID-NI) ALLOW Full access    BUILTIN\J„rjestelm„nvalvojat
(ID-IO) ALLOW Full access    BUILTIN\J„rjestelm„nvalvojat
(ID-NI) ALLOW Full access    NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access    NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access    LUOJA-OMISTAJA


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


roosamarika kirjoitti:

C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Killing PID 1120 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
updating: clear.reg (188 bytes security) (deflated 2%)
updating: lo2.txt (188 bytes security) (deflated 48%)
updating: test.txt (188 bytes security) (stored 0%)
updating: test2.txt (188 bytes security) (stored 0%)
updating: test3.txt (188 bytes security) (stored 0%)
updating: test5.txt (188 bytes security) (stored 0%)
adding: log.txt (188 bytes security) (deflated 76%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read    BUILTIN\K„ytt„j„t
(ID-IO) ALLOW Read    BUILTIN\K„ytt„j„t
(ID-NI) ALLOW Read    BUILTIN\Tehok„ytt„j„t
(ID-IO) ALLOW Read    BUILTIN\Tehok„ytt„j„t
(ID-NI) ALLOW Full access    BUILTIN\J„rjestelm„nvalvojat
(ID-IO) ALLOW Full access    BUILTIN\J„rjestelm„nvalvojat
(ID-NI) ALLOW Full access    NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access    NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access    LUOJA-OMISTAJA


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


Lue lisää

Logfile of HijackThis v1.99.0
Scan saved at 17:39:29, on 15.2.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F39B8AF-3338-4E01-A8DE-D256E9E6CD76}: NameServer = 212.50.131.153 213.139.190.3
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet - Unknown - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

roosamarika kirjoitti:

C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Killing PID 1120 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
updating: clear.reg (188 bytes security) (deflated 2%)
updating: lo2.txt (188 bytes security) (deflated 48%)
updating: test.txt (188 bytes security) (stored 0%)
updating: test2.txt (188 bytes security) (stored 0%)
updating: test3.txt (188 bytes security) (stored 0%)
updating: test5.txt (188 bytes security) (stored 0%)
adding: log.txt (188 bytes security) (deflated 76%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read    BUILTIN\K„ytt„j„t
(ID-IO) ALLOW Read    BUILTIN\K„ytt„j„t
(ID-NI) ALLOW Read    BUILTIN\Tehok„ytt„j„t
(ID-IO) ALLOW Read    BUILTIN\Tehok„ytt„j„t
(ID-NI) ALLOW Full access    BUILTIN\J„rjestelm„nvalvojat
(ID-IO) ALLOW Full access    BUILTIN\J„rjestelm„nvalvojat
(ID-NI) ALLOW Full access    NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access    NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access    LUOJA-OMISTAJA


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


Lue lisää

Ei näköjään toiminnu.

Ota tuo

http://computercops.biz/zx/Zupe/Find It NT-2K-XP.zip

Pura se omaan kansioon esim C:\Findit
Sitte avaa Findit kansio ja tuplaklikkaa find.bat kohtaa.
Anna sen scannata valmiks,voi mennä 10 min.
Ulos tulee output.txt pistä se tänne.

Juu kirjoitti:

Ei näköjään toiminnu.

Ota tuo

http://computercops.biz/zx/Zupe/Find It NT-2K-XP.zip

Pura se omaan kansioon esim C:\Findit
Sitte avaa Findit kansio ja tuplaklikkaa find.bat kohtaa.
Anna sen scannata valmiks,voi mennä 10 min.
Ulos tulee output.txt pistä se tänne.

Lue lisää

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Findit\Find It NT-2K-XP

------- System Files in System32 Directory -------

Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32

15.02.2005 16:40 dllcache
16.01.2005 10:29 Microsoft
16.01.2005 10:28 32 {45216ADF-522B-4978-AD8F-7D3243201583}.dat
1 tiedosto(a) 32 tavua
2 kansio(ta) 14ÿ840ÿ864ÿ768 tavua vapaana

------- Hidden Files in System32 Directory -------

Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32

15.02.2005 17:29 890 vsconfig.xml
15.02.2005 16:40 dllcache
16.01.2005 10:28 32 {45216ADF-522B-4978-AD8F-7D3243201583}.dat
16.01.2005 10:09 488 WindowsLogon.manifest
16.01.2005 10:09 488 logonui.exe.manifest
16.01.2005 10:09 749 sapi.cpl.manifest
16.01.2005 10:09 749 nwc.cpl.manifest
16.01.2005 10:09 749 wuaucpl.cpl.manifest
16.01.2005 10:09 749 cdplayer.exe.manifest
16.01.2005 10:09 749 ncpa.cpl.manifest
12.02.2000 00:15 4ÿ212 zllictbl.dat
10 tiedosto(a) 9ÿ855 tavua
1 kansio(ta) 14ÿ840ÿ860ÿ672 tavua vapaana

------------ Files Named "Guard" ---------------

Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32

09.10.2001 14:00 2ÿ518 CONFIG.TMP
1 tiedosto(a) 2ÿ518 tavua
0 kansio(ta) 14ÿ840ÿ860ÿ672 tavua vapaana

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
cdplay~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
logonu~1.man Sun 16 Jan 2005 10.09.30 A..HR 488 0,48 K
ncpacp~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
nwccpl~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
sapicp~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
vsconfig.xml Tue 15 Feb 2005 17.29.34 A..H. 890 0,87 K
window~1.man Sun 16 Jan 2005 10.09.30 A..HR 488 0,48 K
wuaucp~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
{45216~1.dat Sun 16 Jan 2005 10.28.12 A.SH. 32 0,03 K

9 items found: 9 files, 0 directories.
Total of file sizes: 5 643 bytes 5,51 K

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------


-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"




roosamarika kirjoitti:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Findit\Find It NT-2K-XP

------- System Files in System32 Directory -------

Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32

15.02.2005 16:40 dllcache
16.01.2005 10:29 Microsoft
16.01.2005 10:28 32 {45216ADF-522B-4978-AD8F-7D3243201583}.dat
1 tiedosto(a) 32 tavua
2 kansio(ta) 14ÿ840ÿ864ÿ768 tavua vapaana

------- Hidden Files in System32 Directory -------

Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32

15.02.2005 17:29 890 vsconfig.xml
15.02.2005 16:40 dllcache
16.01.2005 10:28 32 {45216ADF-522B-4978-AD8F-7D3243201583}.dat
16.01.2005 10:09 488 WindowsLogon.manifest
16.01.2005 10:09 488 logonui.exe.manifest
16.01.2005 10:09 749 sapi.cpl.manifest
16.01.2005 10:09 749 nwc.cpl.manifest
16.01.2005 10:09 749 wuaucpl.cpl.manifest
16.01.2005 10:09 749 cdplayer.exe.manifest
16.01.2005 10:09 749 ncpa.cpl.manifest
12.02.2000 00:15 4ÿ212 zllictbl.dat
10 tiedosto(a) 9ÿ855 tavua
1 kansio(ta) 14ÿ840ÿ860ÿ672 tavua vapaana

------------ Files Named "Guard" ---------------

Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Asemalla C ei ole nime„.
Aseman sarjanumero on A08E-9D61

Kansio C:\WINDOWS\System32

09.10.2001 14:00 2ÿ518 CONFIG.TMP
1 tiedosto(a) 2ÿ518 tavua
0 kansio(ta) 14ÿ840ÿ860ÿ672 tavua vapaana

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
cdplay~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
logonu~1.man Sun 16 Jan 2005 10.09.30 A..HR 488 0,48 K
ncpacp~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
nwccpl~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
sapicp~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
vsconfig.xml Tue 15 Feb 2005 17.29.34 A..H. 890 0,87 K
window~1.man Sun 16 Jan 2005 10.09.30 A..HR 488 0,48 K
wuaucp~1.man Sun 16 Jan 2005 10.09.22 A..HR 749 0,73 K
{45216~1.dat Sun 16 Jan 2005 10.28.12 A.SH. 32 0,03 K

9 items found: 9 files, 0 directories.
Total of file sizes: 5 643 bytes 5,51 K

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------


-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"




Lue lisää

Näyttää pikkasen siltä,että tämä variantti ei oo hyökänny kaikilla tehoilla sun kimppuun.

Scannaa kone tolla ja kopioi alaikkunaan ilmestyvät tänne.

http://koti.mbnet.fi/pattaya1/escanmwav.htm

Juu kirjoitti:

Näyttää pikkasen siltä,että tämä variantti ei oo hyökänny kaikilla tehoilla sun kimppuun.

Scannaa kone tolla ja kopioi alaikkunaan ilmestyvät tänne.

http://koti.mbnet.fi/pattaya1/escanmwav.htm

Lue lisää

Hain eScanin ja päivitin sen ennenkuin skannasin.

File C:\WINDOWS\cxtpls_loader.exe tagged as not-a-virus:AdWare.Apropos.b. No Action Taken.
File C:\WINDOWS\d8.exe infected by "Trojan-Downloader.Win32.Small.ahx" Virus. Action Taken: File Deleted.
File C:\WINDOWS\SSK_B5.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\akcore.dll tagged as not-a-virus:AdWare.Coreak. No Action Taken.
File C:\WINDOWS\System32\aklsp.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\akrules.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\akupd.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\ffInst.exe tagged as not-a-virus:AdWare.Look2Me.r. No Action Taken.
File C:\WINDOWS\System32\mqphc.exe infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: File Deleted.
File C:\backup.zip tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\Documents and Settings\Ohukaisen poppoo\Local Settings\Temp\dnyyzic.tmp tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\Documents and Settings\Ohukaisen poppoo\Local Settings\Temp\dnyyzil.tmp tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009455.exe infected by "Trojan-Downloader.Win32.Wintool.e" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009456.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009460.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009471.exe infected by "Trojan-Downloader.Win32.Small.aco" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009472.exe tagged as not-a-virus:AdWare.MetaDirect.a. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009473.exe tagged as not-a-virus:AdWare.VirtualBouncer.c. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009479.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009481.exe tagged as not-a-virus:AdWare.VirtualBouncer.i. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009485.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009486.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP81\A0009490.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP81\A0009494.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP82\A0009509.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP82\A0009513.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP82\A0009519.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009524.exe tagged as not-a-virus:AdWare.VirtualBouncer.g. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009525.exe tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009526.dll tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009531.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009533.exe tagged as not-a-virus:AdWare.Zestyfind. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009538.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009539.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010538.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010539.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010543.exe infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010546.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010549.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\A0010551.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\A0010552.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\A0010553.dll tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\snapshot\MFEX-1.DAT tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\snapshot\MFEX-2.DAT tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010563.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010569.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010608.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010620.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010627.EXE tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010632.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010641.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010642.exe tagged as not-a-virus:AdWare.WebSearch.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010643.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010644.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP86\A0010649.exe infected by "Trojan-Downloader.Win32.Small.aco" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010715.dll tagged as not-a-virus:AdWare.TotalVelocity.af. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010748.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010749.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010750.exe infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010751.EXE infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010752.EXE infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010756.EXE tagged as not-a-virus:AdWare.VirtualBouncer.j. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010757.EXE tagged as not-a-virus:AdWare.VirtualBouncer.j. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010760.EXE tagged as not-a-virus:AdWare.VirtualBouncer. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010762.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010764.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010765.exe infected by "Trojan-Downloader.Win32.Lookme.g" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010766.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010769.dll tagged as not-a-virus:AdWare.Apropos.e. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010770.exe tagged as not-a-virus:AdWare.Apropos.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010780.ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010787.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010794.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010795.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010796.EXE tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010797.exe tagged as not-a-virus:AdWare.WebSearch.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010802.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010805.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010806.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010807.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010810.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010829.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010830.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010864.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010865.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010866.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010872.EXE tagged as not-a-virus:AdWare.VirtualBouncer.g. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010891.EXE tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010945.EXE infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010998.exe infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011000.exe tagged as not-a-virus:AdWare.WebSearch.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011001.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011002.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011003.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011004.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011005.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011011.EXE infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011012.exe tagged as not-a-virus:AdWare.WinShow.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011025.DLL tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011033.EXE tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011034.DLL tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011035.dll tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011046.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP88\A0011062.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011085.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011104.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011107.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011108.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011109.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011213.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011223.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011224.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011225.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011230.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011251.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011262.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011263.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011437.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011450.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011458.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011464.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011465.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011466.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011467.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011468.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011470.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011474.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\WINDOWS\cxtpls_loader.exe tagged as not-a-virus:AdWare.Apropos.b. No Action Taken.
File C:\WINDOWS\system32\akcore.dll tagged as not-a-virus:AdWare.Coreak. No Action Taken.
File C:\WINDOWS\system32\ffInst.exe tagged as not-a-virus:AdWare.Look2Me.r. No Action Taken.
File D:\Asennukset\l2mfix.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File D:\Asennukset\l2mfix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.

roosamarika kirjoitti:

Hain eScanin ja päivitin sen ennenkuin skannasin.

File C:\WINDOWS\cxtpls_loader.exe tagged as not-a-virus:AdWare.Apropos.b. No Action Taken.
File C:\WINDOWS\d8.exe infected by "Trojan-Downloader.Win32.Small.ahx" Virus. Action Taken: File Deleted.
File C:\WINDOWS\SSK_B5.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\akcore.dll tagged as not-a-virus:AdWare.Coreak. No Action Taken.
File C:\WINDOWS\System32\aklsp.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\akrules.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\akupd.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\ffInst.exe tagged as not-a-virus:AdWare.Look2Me.r. No Action Taken.
File C:\WINDOWS\System32\mqphc.exe infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: File Deleted.
File C:\backup.zip tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\Documents and Settings\Ohukaisen poppoo\Local Settings\Temp\dnyyzic.tmp tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\Documents and Settings\Ohukaisen poppoo\Local Settings\Temp\dnyyzil.tmp tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009455.exe infected by "Trojan-Downloader.Win32.Wintool.e" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009456.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009460.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009471.exe infected by "Trojan-Downloader.Win32.Small.aco" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009472.exe tagged as not-a-virus:AdWare.MetaDirect.a. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009473.exe tagged as not-a-virus:AdWare.VirtualBouncer.c. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009479.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009481.exe tagged as not-a-virus:AdWare.VirtualBouncer.i. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009485.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP80\A0009486.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP81\A0009490.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP81\A0009494.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP82\A0009509.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP82\A0009513.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP82\A0009519.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009524.exe tagged as not-a-virus:AdWare.VirtualBouncer.g. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009525.exe tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009526.dll tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009531.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009533.exe tagged as not-a-virus:AdWare.Zestyfind. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009538.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0009539.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010538.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010539.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010543.exe infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010546.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP83\A0010549.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\A0010551.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\A0010552.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\A0010553.dll tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\snapshot\MFEX-1.DAT tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP84\snapshot\MFEX-2.DAT tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010563.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010569.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010608.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010620.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010627.EXE tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010632.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010641.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010642.exe tagged as not-a-virus:AdWare.WebSearch.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010643.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP85\A0010644.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP86\A0010649.exe infected by "Trojan-Downloader.Win32.Small.aco" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010715.dll tagged as not-a-virus:AdWare.TotalVelocity.af. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010748.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010749.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010750.exe infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010751.EXE infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010752.EXE infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010756.EXE tagged as not-a-virus:AdWare.VirtualBouncer.j. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010757.EXE tagged as not-a-virus:AdWare.VirtualBouncer.j. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010760.EXE tagged as not-a-virus:AdWare.VirtualBouncer. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010762.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010764.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010765.exe infected by "Trojan-Downloader.Win32.Lookme.g" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010766.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010769.dll tagged as not-a-virus:AdWare.Apropos.e. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010770.exe tagged as not-a-virus:AdWare.Apropos.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010780.ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010787.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010794.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010795.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010796.EXE tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010797.exe tagged as not-a-virus:AdWare.WebSearch.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010802.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010805.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010806.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010807.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010810.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010829.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010830.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010864.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010865.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010866.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010872.EXE tagged as not-a-virus:AdWare.VirtualBouncer.g. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010891.EXE tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010945.EXE infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0010998.exe infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011000.exe tagged as not-a-virus:AdWare.WebSearch.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011001.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011002.dll tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011003.exe tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011004.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011005.exe tagged as not-a-virus:AdWare.WebSearch.n. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011011.EXE infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011012.exe tagged as not-a-virus:AdWare.WinShow.f. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011025.DLL tagged as not-a-virus:AdWare.WebSearch.o. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011033.EXE tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011034.DLL tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011035.dll tagged as not-a-virus:AdWare.Wintol.t. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP87\A0011046.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP88\A0011062.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011085.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011104.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011107.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011108.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011109.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011213.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011223.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011224.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011225.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011230.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011251.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011262.DLL tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011263.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011437.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011450.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011458.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011464.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011465.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011466.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011467.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011468.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011470.dll tagged as not-a-virus:AdWare.Look2Me.u. No Action Taken.
File C:\System Volume Information\_restore{2E93BA62-378C-43DA-BCB6-3FC34C93CFD5}\RP91\A0011474.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\WINDOWS\cxtpls_loader.exe tagged as not-a-virus:AdWare.Apropos.b. No Action Taken.
File C:\WINDOWS\system32\akcore.dll tagged as not-a-virus:AdWare.Coreak. No Action Taken.
File C:\WINDOWS\system32\ffInst.exe tagged as not-a-virus:AdWare.Look2Me.r. No Action Taken.
File D:\Asennukset\l2mfix.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File D:\Asennukset\l2mfix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.

Lue lisää

Sanoit tuolla aikasemmin näin

> Ajoin sen l2mFix.exen. Oliko tarkoitus tehdä se 2. siitä? <

Ajoikko sen kakkosen jos ajoit,niin se selittäis koko homman.

Poista nuo

C:\WINDOWS\cxtpls_loader.exe
C:\WINDOWS\System32\akcore.dll
C:\WINDOWS\System32\ffInst.exe

C:\Documents and Settings\Ohukaisen poppoo\Local Settings\Temp\
- tyhjennä tuolta tuo Temp kansio (älä poista sitä)


Siirrä se Hijackki omaan kansioon tonne
C:\HjT\HijackThis.exe

Merkkaa ja FIX:saa nuo

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

Jos pukkaa jotain erroria taas,niin koita vikasietotilassa.
Ilmota miten kävi.

Juu kirjoitti:

Sanoit tuolla aikasemmin näin

> Ajoin sen l2mFix.exen. Oliko tarkoitus tehdä se 2. siitä? <

Ajoikko sen kakkosen jos ajoit,niin se selittäis koko homman.

Poista nuo

C:\WINDOWS\cxtpls_loader.exe
C:\WINDOWS\System32\akcore.dll
C:\WINDOWS\System32\ffInst.exe

C:\Documents and Settings\Ohukaisen poppoo\Local Settings\Temp\
- tyhjennä tuolta tuo Temp kansio (älä poista sitä)


Siirrä se Hijackki omaan kansioon tonne
C:\HjT\HijackThis.exe

Merkkaa ja FIX:saa nuo

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

Jos pukkaa jotain erroria taas,niin koita vikasietotilassa.
Ilmota miten kävi.

Lue lisää

ajoin....

Teen kuten sanoit katsotaan sitten.

O23 - Service: teysapytgbog - Unknown - C:\WINDOWS\System32\kzozjdbu5.exe (file missing)

Pitäiskö poistaa? "File missing" mitäs se tarkoittanee???

> Älä sano että vielä olisi jotain... <

Äläs ny eihän tässä oo kiire mihinkään...heh

Siellä järjestelmänpalutuksessa on paljo roinaa,joten sammuta se ja sitte käynnistä kone uudestaan ja pistä se takas päälle ja tee uus palautuspiste.

Sitte on homma selvä.

roosamarika kirjoitti:

O23 - Service: teysapytgbog - Unknown - C:\WINDOWS\System32\kzozjdbu5.exe (file missing)

Pitäiskö poistaa? "File missing" mitäs se tarkoittanee???

Ei sitä enää näy,ainakaan mun silmällä.

Juu kirjoitti:

> Älä sano että vielä olisi jotain... <

Äläs ny eihän tässä oo kiire mihinkään...heh

Siellä järjestelmänpalutuksessa on paljo roinaa,joten sammuta se ja sitte käynnistä kone uudestaan ja pistä se takas päälle ja tee uus palautuspiste.

Sitte on homma selvä.

Lue lisää

juujuujuu kiitti sulle kauheesti.

Ei mulla näköjään niin kiire ollutkaan =D!!!

roosamarika kirjoitti:

juujuujuu kiitti sulle kauheesti.

Ei mulla näköjään niin kiire ollutkaan =D!!!

että voin suojautua tuollaisia vastaan, olisiko viisasta päivittää se sp2 ja käyttää muuta selainta kuin IE:tä? Mulla on kyllä Operakin, käytän sitä harvemmin.
Kerran mulla oli jo tuo sp2, mutta jotkut ohjelmat eivät oikein mielestäni pelanneet kunnolla silloin.. vai olikohan mukana jotain luulotautisuutta kenties?? =D!!!

roosamarika kirjoitti:

että voin suojautua tuollaisia vastaan, olisiko viisasta päivittää se sp2 ja käyttää muuta selainta kuin IE:tä? Mulla on kyllä Operakin, käytän sitä harvemmin.
Kerran mulla oli jo tuo sp2, mutta jotkut ohjelmat eivät oikein mielestäni pelanneet kunnolla silloin.. vai olikohan mukana jotain luulotautisuutta kenties?? =D!!!

Lue lisää

> käyttää muuta selainta kuin IE:tä <

Joo heleposti

Monella on kuulemma ollu pieniä ongelmia ton SP2:sen asennuksen jälkeen.
En ole itekkään "tohtinnu" sitä vielä asentaa.