hjt log...
|
|
albertto
Junior Member
|
29 November 2005 @ 11:33 |
|
here it is...
L2MFIX find log 1.99
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"Logoff"="NavLogoffEvent"
"DllName"="C:\\WINDOWS\\System32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-NI) ALLOW Read BUILTIN\K?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\K?ytt?j?t
(ID-NI) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-IO) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C52160B0-9EDF-1D11-1ED5-643434566CB4}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym?laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N?ytt?sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K?ytt?liittym?n leikkeidenk?sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym?laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n?yt?n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym?laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym?laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym?laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym?laajennukset"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht?v?t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht?v?palkki ja K?ynnist?-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S?hk?posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty?kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty?kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint?palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L?hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j?sent?j?"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v?limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K?ytt?liittym?n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k?sittelyst? (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist?"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K?ytt?j?tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk?sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil?it?..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{916C8406-FC1B-40BF-AA9C-5869D4761F88}"=""
"{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"=""
"{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"=""
"{48A7FC0E-5187-429F-859D-9AA62B84E658}"=""
"{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"=""
"{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"=""
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"=""
"{099A3150-A10E-42D6-BE7E-566FA64F2F28}"=""
"{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"=""
"{C53E313C-0413-42B4-BC49-F61C9596F9FF}"=""
"{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"=""
"{42E89400-7921-401B-BC49-5FB3F219C34C}"=""
"{48C3EC2A-484C-463A-8440-BABEBDD2630C}"=""
"{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"=""
"{AA8F64C8-8B7B-4717-9A09-43998B958896}"=""
"{2185FB55-309A-4B7C-9C77-98A3089FAA03}"=""
"{826295B6-8FE4-413C-ABFE-68F75599DC43}"=""
"{655436C4-E4A5-4E51-B617-ACC50FE1677A}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{916C8406-FC1B-40BF-AA9C-5869D4761F88}\InprocServer32]
@="C:\\WINDOWS\\system32\\rfvpmsg.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FCD70C7B-13C3-4559-8369-47ECC88CE27B}\InprocServer32]
@="C:\\WINDOWS\\system32\\ofbcint.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{48A7FC0E-5187-429F-859D-9AA62B84E658}\InprocServer32]
@="C:\\WINDOWS\\system32\\dbmasf.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}\InprocServer32]
@="C:\\WINDOWS\\system32\\dWdxof.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mkcbase.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{099A3150-A10E-42D6-BE7E-566FA64F2F28}\InprocServer32]
@="C:\\WINDOWS\\system32\\smxcoins.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjvcp60.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C53E313C-0413-42B4-BC49-F61C9596F9FF}\InprocServer32]
@="C:\\WINDOWS\\system32\\ndxpnt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}\InprocServer32]
@="C:\\WINDOWS\\system32\\ljc32vc0.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42E89400-7921-401B-BC49-5FB3F219C34C}\InprocServer32]
@="C:\\WINDOWS\\system32\\uercoina.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{48C3EC2A-484C-463A-8440-BABEBDD2630C}\InprocServer32]
@="C:\\WINDOWS\\system32\\okbcint.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{836B603B-AB0D-4C42-B36F-1F7B39000F3D}\InprocServer32]
@="C:\\WINDOWS\\system32\\oypdx32.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AA8F64C8-8B7B-4717-9A09-43998B958896}\InprocServer32]
@="C:\\WINDOWS\\system32\\sfxcoins.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2185FB55-309A-4B7C-9C77-98A3089FAA03}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{826295B6-8FE4-413C-ABFE-68F75599DC43}\InprocServer32]
@="C:\\WINDOWS\\system32\\nfmsapi.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{655436C4-E4A5-4E51-B617-ACC50FE1677A}\InprocServer32]
@="C:\\WINDOWS\\system32\\lmbmp13n.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K
vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K
vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K
vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K
vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K
vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K
vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K
vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K
zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K
zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K
10 items found: 10 files, 0 directories.
Total of file sizes: 1 266 072 bytes 1,21 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Asemalla C ei ole nime?.
Aseman sarjanumero on 7C49-36F0
Kansio C:\WINDOWS\System32
28.11.2005 07:48 <KANSIO> dllcache
27.07.2005 13:30 <KANSIO> Microsoft
0 tiedosto(a) 0 tavua
2 kansio(ta) 87˙188˙705˙280 tavua vapaana
|
AfterDawn Addict
|
29 November 2005 @ 11:34 |
|
Those are all in the System Restore folder, so no big worry.
You can get them out of there with, for example, eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm . The instructions are on that page. Then post the "malware results" here (instructions on the page: the bottom image and the text above it). You can do that after that l2mfix, for example.
This message has been edited since posting. Last edit 29 November 2005 @ 11:44
|
albertto
Junior Member
|
29 November 2005 @ 11:42 |
|
that link doesn't work... I already sent the log you asked for
|
AfterDawn Addict
|
29 November 2005 @ 11:46 |
|
The link works now, sorry. That one won't come off no matter what, so it can stay. It's only a registry key anyway.
|
albertto
Junior Member
|
29 November 2005 @ 11:48 |
|
ok... by the way, thank you very much for your help with this...
|
AfterDawn Addict
|
29 November 2005 @ 11:51 |
|
You're welcome. If you could still scan with that eScan (since I fixed the link too ;) and post the results here, that would be good :)
|
albertto
Junior Member
|
29 November 2005 @ 15:42 |
|
the log seems to be too big to post here... what now?
|
AfterDawn Addict
|
29 November 2005 @ 15:47 |
|
No, it isn't. See the instructions at that link: the bottom image and the text above it.
|
Senior Member
|
29 November 2005 @ 17:41 |
|
That's slightly the wrong log; it shows what it scanned. The lower box in eScan is the one that needs to be posted here! Still, the machine turned out to be a real nest of malware.
Delete this previous wrong eScan log.
In its place put: the contents of the mwXface file from the Kaspersky folder in the root of C.
|
albertto
Junior Member
|
29 November 2005 @ 17:46 |
|
here
[0x00000f2c] 29/11/2005 17:22:47:983 :[msvLclnt.dll]ModuleName = C:\Kaspersky\mwavscan.com
[0x00000f2c] 29/11/2005 17:22:47:983 :[msvLclnt.dll]WARNING!!! "Autokey" Not Found
[0x00000f2c] 29/11/2005 17:22:49:389 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x00000f2c] 29/11/2005 17:22:49:389 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x00000f2c] 29/11/2005 17:22:49:389 :[msvLclnt.dll]TimeOut : ffffffff
[0x00000f2c] 29/11/2005 17:22:49:405 :[msvLclnt.dll]Priority : NORMAL
[0x00000f2c] 29/11/2005 17:22:49:874 :[msvLclnt.dll]VirusCount = 160792 Latest Date = 2005/11/21
[0x00000d24] 29/11/2005 17:32:55:936 :[msvLclnt.dll]ModuleName = C:\Kaspersky\mwavscan.com
[0x00000d24] 29/11/2005 17:32:55:936 :[msvLclnt.dll]Registry Key Deleted Properly!!!
[0x00000d24] 29/11/2005 17:32:56:655 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x00000d24] 29/11/2005 17:32:56:655 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x00000d24] 29/11/2005 17:32:56:655 :[msvLclnt.dll]TimeOut : ffffffff
[0x00000d24] 29/11/2005 17:32:56:655 :[msvLclnt.dll]Priority : NORMAL
[0x00000d24] 29/11/2005 17:32:56:936 :[msvLclnt.dll]VirusCount = 162144 Latest Date = 2005/11/29
[0x000002e0] 29/11/2005 17:38:40:952 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80000.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:10:124 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80000.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:10:218 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80001.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:10:249 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80001.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:10:327 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80002.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:10:343 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80002.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:10:421 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80003.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:10:436 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80003.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:10:530 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80004.VBN infected by Backdoor.Win32.Codbot.bd
[0x000002e0] 29/11/2005 19:48:10:577 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80004.VBN infected by Backdoor.Win32.Codbot.bd
[0x000002e0] 29/11/2005 19:48:11:218 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80005.VBN infected by Backdoor.Win32.PoeBot.b
[0x000002e0] 29/11/2005 19:48:11:327 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80005.VBN infected by Backdoor.Win32.PoeBot.b
[0x000002e0] 29/11/2005 19:48:11:577 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80006.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:11:702 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80006.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:11:764 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80007.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:11:780 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01A80007.VBN infected by Trojan.Win32.LowZones.cq
[0x000002e0] 29/11/2005 19:48:11:874 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03780000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:11:921 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03780000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:11:999 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03780001.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:12:030 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03780001.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:12:296 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03C80000.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:12:405 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03C80000.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:12:671 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\040C0000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:12:702 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\040C0000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:12:780 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:12:811 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:12:983 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40001.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:13:108 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40001.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:13:202 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40002.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:13:233 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40002.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:13:296 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40003.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:13:343 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40003.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:13:530 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40004.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:13:639 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40004.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:13:843 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40005.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:13:952 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40005.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:14:171 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:14:202 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:14:264 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540001.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:14:311 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540001.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:14:593 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0000.VBN infected by Backdoor.Win32.PoeBot.b
[0x000002e0] 29/11/2005 19:48:14:686 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0000.VBN infected by Backdoor.Win32.PoeBot.b
[0x000002e0] 29/11/2005 19:48:14:858 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0001.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:14:983 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0001.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:15:077 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380000.VBN infected by Backdoor.Win32.Codbot.bd
[0x000002e0] 29/11/2005 19:48:15:202 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380000.VBN infected by Backdoor.Win32.Codbot.bd
[0x000002e0] 29/11/2005 19:48:15:468 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380001.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:15:593 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380001.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:15:718 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08BC0000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:15:749 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08BC0000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:15:827 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:15:858 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:15:921 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80001.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:15:952 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A80001.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:16:077 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09C00000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:16:108 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09C00000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:16:202 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:16:233 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440000.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:16:311 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440001.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:16:343 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440001.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:16:530 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440002.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:16:561 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440002.VBN infected by Trojan-Dropper.Win32.Agent.ye
[0x000002e0] 29/11/2005 19:48:16:764 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440003.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:48:16:874 :[msvLclnt.dll][00000001] File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A440003.VBN infected by Trojan-Dropper.Win32.Paradrop.a
[0x000002e0] 29/11/2005 19:53:02:624 :[msvLclnt.dll][00000001] File C:\Documents and Settings\allu\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe infected by Trojan-Downloader.Win32.TSUpdate.n
[0x000002e0] 29/11/2005 19:53:02:952 :[msvLclnt.dll][00000001] File C:\Documents and Settings\allu\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe infected by Trojan-Downloader.Win32.TSUpdate.n
[0x000002e0] 29/11/2005 20:05:07:968 :[msvLclnt.dll][00000001] File C:\Program Files\Common Files\rimu\rimup.exe infected by Trojan-Downloader.Win32.TSUpdate.f
[0x000002e0] 29/11/2005 20:05:07:999 :[msvLclnt.dll][00000001] File C:\Program Files\Common Files\rimu\rimup.exe infected by Trojan-Downloader.Win32.TSUpdate.f
[0x000002e0] 29/11/2005 20:05:46:702 :[msvLclnt.dll][00000001] File C:\Program Files\mIRC\mirc.exe infected by not-a-virus:Client-IRC.Win32.mIRC.616
[0x000002e0] 29/11/2005 20:06:40:764 :[msvLclnt.dll][00000001] File C:\stub_113_4_0_4_0.exe infected by Trojan-Downloader.Win32.TSUpdate.o
[0x000002e0] 29/11/2005 20:06:40:811 :[msvLclnt.dll][00000001] File C:\stub_113_4_0_4_0.exe infected by Trojan-Downloader.Win32.TSUpdate.o
[0x000002e0] 29/11/2005 20:06:43:389 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026913.exe infected by not-a-virus:AdWare.Win32.AdURL.c
[0x000002e0] 29/11/2005 20:06:43:608 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026917.exe infected by Trojan-Downloader.Win32.Dyfuca.ei
[0x000002e0] 29/11/2005 20:06:43:655 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026917.exe infected by Trojan-Downloader.Win32.Dyfuca.ei
[0x000002e0] 29/11/2005 20:06:43:686 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026918.exe infected by Trojan-Downloader.Win32.Small.afq
[0x000002e0] 29/11/2005 20:06:43:718 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026918.exe infected by Trojan-Downloader.Win32.Small.afq
[0x000002e0] 29/11/2005 20:06:43:936 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026923.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:06:44:030 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026925.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:06:44:249 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0026932.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:01:718 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027155.exe infected by Trojan.Win32.LowZones.am
[0x000002e0] 29/11/2005 20:07:01:733 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027155.exe infected by Trojan.Win32.LowZones.am
[0x000002e0] 29/11/2005 20:07:01:889 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027156.exe infected by Trojan.Win32.LowZones.am
[0x000002e0] 29/11/2005 20:07:01:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027156.exe infected by Trojan.Win32.LowZones.am
[0x000002e0] 29/11/2005 20:07:02:155 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027161.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:02:499 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027170.exe infected by Trojan.Win32.Delf.og
[0x000002e0] 29/11/2005 20:07:02:546 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027170.exe infected by Trojan.Win32.Delf.og
[0x000002e0] 29/11/2005 20:07:02:639 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027171.dll infected by Trojan-Spy.Win32.Agent.gk
[0x000002e0] 29/11/2005 20:07:02:702 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027171.dll infected by Trojan-Spy.Win32.Agent.gk
[0x000002e0] 29/11/2005 20:07:02:843 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027172.exe infected by Trojan-Spy.Win32.VB.eh
[0x000002e0] 29/11/2005 20:07:02:905 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027172.exe infected by Trojan-Spy.Win32.VB.eh
[0x000002e0] 29/11/2005 20:07:07:983 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027223.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:08:093 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP158\A0027224.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:09:686 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027238.exe infected by Trojan-Downloader.Win32.Small.afq
[0x000002e0] 29/11/2005 20:07:09:702 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027238.exe infected by Trojan-Downloader.Win32.Small.afq
[0x000002e0] 29/11/2005 20:07:09:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027243.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:10:186 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027250.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:10:421 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027258.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:10:530 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027262.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:10:733 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027270.exe infected by Trojan-Downloader.Win32.Small.afq
[0x000002e0] 29/11/2005 20:07:10:749 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027270.exe infected by Trojan-Downloader.Win32.Small.afq
[0x000002e0] 29/11/2005 20:07:10:811 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027271.exe infected by Trojan.Win32.Delf.og
[0x000002e0] 29/11/2005 20:07:10:858 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027271.exe infected by Trojan.Win32.Delf.og
[0x000002e0] 29/11/2005 20:07:10:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027272.dll infected by Trojan-Spy.Win32.Agent.gk
[0x000002e0] 29/11/2005 20:07:10:999 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027272.dll infected by Trojan-Spy.Win32.Agent.gk
[0x000002e0] 29/11/2005 20:07:11:124 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027273.exe infected by Trojan-Spy.Win32.VB.eh
[0x000002e0] 29/11/2005 20:07:11:186 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027273.exe infected by Trojan-Spy.Win32.VB.eh
[0x000002e0] 29/11/2005 20:07:11:233 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027274.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:11:343 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027275.exe infected by Trojan.Win32.LowZones.am
[0x000002e0] 29/11/2005 20:07:11:405 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027275.exe infected by Trojan.Win32.LowZones.am
[0x000002e0] 29/11/2005 20:07:11:468 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027276.exe infected by Trojan-Downloader.Win32.Dyfuca.ei
[0x000002e0] 29/11/2005 20:07:11:514 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027276.exe infected by Trojan-Downloader.Win32.Dyfuca.ei
[0x000002e0] 29/11/2005 20:07:11:624 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027279.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:11:749 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027285.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:12:421 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027299.dll infected by not-a-virus:AdWare.Win32.WinAD.bs
[0x000002e0] 29/11/2005 20:07:12:499 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027302.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:12:671 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027310.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:12:811 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027318.exe infected by Trojan-Downloader.Win32.Dyfuca.ei
[0x000002e0] 29/11/2005 20:07:12:858 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027318.exe infected by Trojan-Downloader.Win32.Dyfuca.ei
[0x000002e0] 29/11/2005 20:07:12:905 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027320.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:12:999 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027323.dll infected by not-a-virus:AdWare.Win32.E2Give.c
[0x000002e0] 29/11/2005 20:07:13:124 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027325.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:13:280 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027330.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:13:343 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027332.exe infected by not-a-virus:AdWare.Win32.AdURL.c
[0x000002e0] 29/11/2005 20:07:13:405 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027335.exe infected by Trojan.Win32.LowZones.am
[0x000002e0] 29/11/2005 20:07:13:436 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027335.exe infected by Trojan.Win32.LowZones.am
[0x000002e0] 29/11/2005 20:07:13:514 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027338.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:14:030 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027347.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:14:124 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027351.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:14:358 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027358.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:14:593 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027367.exe infected by Trojan-Downloader.Win32.VB.ri
[0x000002e0] 29/11/2005 20:07:14:655 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027367.exe infected by Trojan-Downloader.Win32.VB.ri
[0x000002e0] 29/11/2005 20:07:14:733 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027368.exe infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:14:827 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027369.exe infected by Trojan-Downloader.Win32.Small.buy
[0x000002e0] 29/11/2005 20:07:14:889 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027369.exe infected by Trojan-Downloader.Win32.Small.buy
[0x000002e0] 29/11/2005 20:07:14:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027370.exe infected by Trojan-Downloader.Win32.TSUpdate.l
[0x000002e0] 29/11/2005 20:07:15:014 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027370.exe infected by Trojan-Downloader.Win32.TSUpdate.l
[0x000002e0] 29/11/2005 20:07:15:093 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027371.exe infected by Trojan-Downloader.Win32.TSUpdate.n
[0x000002e0] 29/11/2005 20:07:15:124 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027371.exe infected by Trojan-Downloader.Win32.TSUpdate.n
[0x000002e0] 29/11/2005 20:07:15:186 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027372.exe infected by Trojan.Win32.VB.afn
[0x000002e0] 29/11/2005 20:07:15:202 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027372.exe infected by Trojan.Win32.VB.afn
[0x000002e0] 29/11/2005 20:07:15:280 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027373.exe infected by not-a-virus:AdWare.Win32.AdURL.c
[0x000002e0] 29/11/2005 20:07:15:327 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027374.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:15:405 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027375.dll infected by Trojan-Spy.Win32.Agent.gk
[0x000002e0] 29/11/2005 20:07:15:468 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027375.dll infected by Trojan-Spy.Win32.Agent.gk
[0x000002e0] 29/11/2005 20:07:15:530 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027376.exe infected by Trojan.Win32.Delf.og
[0x000002e0] 29/11/2005 20:07:15:577 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027376.exe infected by Trojan.Win32.Delf.og
[0x000002e0] 29/11/2005 20:07:15:639 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027377.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:15:718 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027378.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:15:764 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027379.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:15:827 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027380.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:15:874 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027381.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:15:968 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027382.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:16:014 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027383.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:16:077 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027384.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:16:139 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027385.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:16:171 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027386.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:16:233 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027387.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:16:296 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027388.exe infected by Trojan.Win32.StartPage.aw
[0x000002e0] 29/11/2005 20:07:16:311 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP159\A0027388.exe infected by Trojan.Win32.StartPage.aw
[0x000002e0] 29/11/2005 20:07:19:014 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027410.dll infected by not-a-virus:AdWare.Win32.E2Give.c
[0x000002e0] 29/11/2005 20:07:19:218 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027416.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:19:311 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027417.exe infected by Trojan-Spy.Win32.VB.eh
[0x000002e0] 29/11/2005 20:07:19:374 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027417.exe infected by Trojan-Spy.Win32.VB.eh
[0x000002e0] 29/11/2005 20:07:19:546 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027420.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:20:655 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027445.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:20:702 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027446.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:20:889 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027453.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:20:952 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027454.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:21:061 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027458.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:21:264 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027465.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:21:343 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027466.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:21:624 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027477.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:21:936 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027488.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:22:155 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027496.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:22:218 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027497.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:22:343 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027500.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:22:593 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP161\A0027509.dLL infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:28:374 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027571.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:28:514 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027573.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:28:921 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027585.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:28:983 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027586.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:29:702 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027617.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:29:749 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027618.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:29:811 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027619.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:29:889 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP162\A0027620.dll infected by not-a-virus:AdWare.Win32.Look2Me.ab
[0x000002e0] 29/11/2005 20:07:32:046 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP163\A0027648.exe infected by Trojan-Downloader.Win32.TSUpdate.f
[0x000002e0] 29/11/2005 20:07:32:077 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP163\A0027648.exe infected by Trojan-Downloader.Win32.TSUpdate.f
[0x000002e0] 29/11/2005 20:07:32:139 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP163\A0027649.exe infected by Trojan-Downloader.Win32.TSUpdate.o
[0x000002e0] 29/11/2005 20:07:32:186 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{126D3530-07FC-4613-B536-7E448B284647}\RP163\A0027649.exe infected by Trojan-Downloader.Win32.TSUpdate.o
[0x000002e0] 29/11/2005 20:11:37:983 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WLUN0XAR\MediaGateway[1].exe infected by not-a-virus:AdWare.Win32.WinAD.bt
[0x000002e0] 29/11/2005 20:15:22:811 :[msvLclnt.dll]VirusCount = 162144 Latest Date = 2005/11/29
[0x00000d24] 29/11/2005 22:42:19:280 :[msvLclnt.dll]VirusCount = 162144 Latest Date = 2005/11/29
|
Moderator
|
29 November 2005 @ 18:06 |
|
Quote: That's slightly the wrong log, it shows what it scanned. The lower box in eScan is the one that needs to be posted here! The machine did turn out to be a real nest of nasties, though.
I deleted the log file in question, it was "a bit" large.. loading the page got so heavy that phew :)
|
Senior Member
|
29 November 2005 @ 19:01 |
|
This post has been edited after posting. Last edited 29 November 2005 @ 20:04
|
albertto
Junior Member
|
29 November 2005 @ 19:55 |
|
|
Senior Member
|
29 November 2005 @ 20:00 |
|
|
albertto
Junior Member
|
29 November 2005 @ 20:02 |
|
let's continue tomorrow... I have to get up for work in 4 hours...
|
albertto
Junior Member
|
30 November 2005 @ 10:15 |
|
ok then.... I did everything that was asked.. here are the logs....
L2MFIX find log 1.99
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"Logoff"="NavLogoffEvent"
"DllName"="C:\\WINDOWS\\System32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-NI) ALLOW Read BUILTIN\K?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\K?ytt?j?t
(ID-NI) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-IO) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C52160B0-9EDF-1D11-1ED5-643434566CB4}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym?laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N?ytt?sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K?ytt?liittym?n leikkeidenk?sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym?laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n?yt?n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym?laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym?laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym?laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym?laajennukset"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht?v?t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht?v?palkki ja K?ynnist?-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S?hk?posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty?kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty?kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint?palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L?hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j?sent?j?"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v?limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K?ytt?liittym?n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k?sittelyst? (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist?"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K?ytt?j?tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk?sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil?it?..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{916C8406-FC1B-40BF-AA9C-5869D4761F88}"=""
"{2CBD5AB2-B8FB-4116-BA8F-B30656B14A21}"=""
"{FCD70C7B-13C3-4559-8369-47ECC88CE27B}"=""
"{48A7FC0E-5187-429F-859D-9AA62B84E658}"=""
"{053E49A1-F7D1-4F9F-A55C-D569AA6498D7}"=""
"{2F96BEF6-FC89-4ADF-B819-2960CA28CA21}"=""
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{3956E94C-BB8E-4F04-8AD3-D52B252EF6AC}"=""
"{099A3150-A10E-42D6-BE7E-566FA64F2F28}"=""
"{CC3DEC08-5706-4C2A-B3C9-ECDAC43C37E1}"=""
"{C53E313C-0413-42B4-BC49-F61C9596F9FF}"=""
"{788EC8AF-7E6B-4EEC-8D91-A7CB8A532DC3}"=""
"{42E89400-7921-401B-BC49-5FB3F219C34C}"=""
"{48C3EC2A-484C-463A-8440-BABEBDD2630C}"=""
"{836B603B-AB0D-4C42-B36F-1F7B39000F3D}"=""
"{AA8F64C8-8B7B-4717-9A09-43998B958896}"=""
"{2185FB55-309A-4B7C-9C77-98A3089FAA03}"=""
"{826295B6-8FE4-413C-ABFE-68F75599DC43}"=""
"{655436C4-E4A5-4E51-B617-ACC50FE1677A}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
atmtd.dll Sun 27 Nov 2005 17.13.36 A.... 4 656 4,55 K
vsdata.dll Tue 15 Nov 2005 0.50.30 A.... 83 720 81,76 K
vsinit.dll Tue 15 Nov 2005 0.50.42 A.... 141 064 137,76 K
vsmonapi.dll Tue 15 Nov 2005 0.50.52 A.... 104 208 101,77 K
vspubapi.dll Tue 15 Nov 2005 0.50.56 A.... 227 088 221,77 K
vsregexp.dll Tue 15 Nov 2005 0.51.00 A.... 71 440 69,77 K
vsutil.dll Tue 15 Nov 2005 0.51.12 A.... 382 728 373,76 K
vsxml.dll Tue 15 Nov 2005 0.51.20 A.... 100 104 97,76 K
zlcomm.dll Tue 15 Nov 2005 0.51.40 A.... 79 624 77,76 K
zlcommdb.dll Tue 15 Nov 2005 0.51.44 A.... 71 440 69,77 K
10 items found: 10 files, 0 directories.
Total of file sizes: 1 266 072 bytes 1,21 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Asemalla C ei ole nime?.
Aseman sarjanumero on 7C49-36F0
Kansio C:\WINDOWS\System32
28.11.2005 07:48 <KANSIO> dllcache
27.07.2005 13:30 <KANSIO> Microsoft
0 tiedosto(a) 0 tavua
2 kansio(ta) 85˙327˙433˙728 tavua vapaana
and...
Logfile of HijackThis v1.99.1
Scan saved at 15:15:21, on 30.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ULI5289\JMAP5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Registry Clean Expert\RCScheduler.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\allu\Työpöytä\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
|
AfterDawn Addict
|
30 November 2005 @ 10:24 |
|
Looks really good :) CCleaner apparently cleaned out the unneeded registry keys. Let's try that registry fix once more.
First take a backup of the registry.
Then copy and paste this and save it as fix2.reg on the desktop, as before
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
Double-click it, press Yes and OK. Then post the l2mfix log made with option 1
This message has been edited since it was posted. Last edit 30 November 2005 @ 10:27
|
albertto
Junior Member
|
1 December 2005 @ 08:12 |
|
doesn't work... it says: the file is not a registry script...????
|
AfterDawn Addict
|
1 December 2005 @ 09:23 |
|
OK. Then try it this way:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
Save it with the file type "All Files" and the name fix2.reg
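Added example, not part of the original thread: a dry-run reviewer for a .reg file such as fix2.reg that checks the first line against the two headers used above and lists what the file would delete or set, without touching the registry. The function names and the "pasted" variant with a stray leading space are assumptions made for illustration; the thread does not establish what caused the poster's error.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# Constructed sample: the fix2.reg content from the thread, as bytes on disk.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform"
FIX2 = ("Windows Registry Editor Version 5.00\r\n\r\n[-%s]\r\n\r\n[%s]\r\n"
        "\"SV1\"=\"\"\r\n" % (KEY, KEY)).encode("cp1252")
# Constructed variant: a stray space pasted in front of the header.
PASTED = b" " + FIX2

def decode_reg(raw):
    """regedit writes version 5.00 exports as UTF-16LE with a BOM; else assume ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")

def review_reg(raw):
    """Return (problems, operations) for .reg bytes without touching the registry."""
    text = re.sub(r"\\\r?\n[ \t]*", "", decode_reg(raw))  # join hex continuation lines
    lines = text.splitlines()
    problems, ops, key = [], [], None
    first = lines[0] if lines else ""
    if first not in HEADERS:
        if first.strip() in HEADERS:
            problems.append("header has stray whitespace around it")
        else:
            problems.append("first line is not a known header: %r" % first)
    for line in (l.strip() for l in lines[1:]):
        if not line or line.startswith(";"):
            continue                       # blank line or comment
        section = re.fullmatch(r"\[(-?)(.+)\]", line)
        value = re.fullmatch(r'("(?:[^"\\]|\\.)*"|@)=(.*)', line)
        if section:                        # "[-key]" deletes the key, "[key]" opens/creates it
            key = section.group(2)
            ops.append(("delete-key" if section.group(1) else "open-key", key))
        elif value and key:                # "name"=data, or "name"=- to delete the value
            name, data = value.groups()
            op = "delete-value" if data == "-" else "set-value"
            ops.append((op, key, name.strip('"'), data))
        else:
            problems.append("line not understood: %r" % line)
    return problems, ops

if __name__ == "__main__":
    for label, raw in (("fix2.reg", FIX2), ("pasted copy", PASTED)):
        problems, ops = review_reg(raw)
        print(label, problems or "header ok")
        for op in ops:
            print("   ", *op)
```

For the fix above it reports three operations: delete the Post Platform key, recreate it, and set "SV1" to an empty string.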
|
albertto
Junior Member
|
1 December 2005 @ 14:38 |
|
same thing....
|
AfterDawn Addict
|
1 December 2005 @ 15:24 |
|
Okay, I don't know what's wrong. It has always worked before. Let it be, it doesn't matter :)
|
albertto
Junior Member
|
1 December 2005 @ 15:37 |
|
ah... ok.. thanks to everyone who helped...
|
|
Senior Member
|
1 December 2005 @ 19:14 |
|
I actually wouldn't stop just yet. I recommend a couple of really important things.
Just for the sake of the future and of security, a visit to Windows Update is important. You are missing both SP1 and SP2. I wouldn't consider it impossible that your problem wasn't fully fixed because those two are missing.
So get the machine into shape from here --> http://update.microsoft.com/ Regardless of which Windows happens to be on the machine, the SP packs in particular are important, for the sake of the machine's immunity.
----------------------------------------------------------------------
The second thing is the browser; right now it looks like the "orc vacuum" (IE) is in heavy use.
IE does get through pages fine, but it also sweeps all of their junk right onto your machine. So you only need to stray a little onto an odd site on the net and your machine is in such a state that you once again have to resort to special programs to clean it.
So I really recommend switching browsers; you won't regret it, remember :)
To start with, you can just try out how the following ones feel.
Firefox: http://download.mozilla.org/?product=firefox-1.0.7&os=win&lang=fi-FI
Opera: http://www.opera.com/download/get.pl?id=27561
After this I don't think you would run into the same problems :)
|
|