L2Mfix 1.03a
Running From:
C:\Documents and Settings\Eigenaar\Bureaublad\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read INGEBOUWD\Gebruikers
(ID-IO) ALLOW Read INGEBOUWD\Gebruikers
(ID-NI) ALLOW Full access INGEBOUWD\Administrators
(ID-IO) ALLOW Full access INGEBOUWD\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access MAKER EIGENAAR
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- INGEBOUWD\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read INGEBOUWD\Gebruikers
(ID-IO) ALLOW Read INGEBOUWD\Gebruikers
(ID-NI) ALLOW Full access INGEBOUWD\Administrators
(ID-IO) ALLOW Full access INGEBOUWD\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access MAKER EIGENAAR
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Eigenaar\Bureaublad\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Eigenaar\Bureaublad\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Killing PID 1656 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 496 'rundll32.exe'
Killing PID 396 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\aza6l95s1.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\aza80e1ueh.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\azaq0335e.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\azledit.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\cimmdlg.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\dbdiagn.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\dddiagn.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\dicpmon.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\djiman32.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\dncpmon.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\dnj6011se.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\dnjm0111e.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\dwserver.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\fp6003jme.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\fplq0335e.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\gp2ml3f11.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\gp8sl3l71.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\gpnsl3571.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\hp0023dmg.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\i4240efqeh2e0.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\ifrtrmgr.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\ijitpki.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\irp6l57s1.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\iVssam.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\j0j60a1sed.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\jrdw400.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\jtr2079oe.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\k4lqle351h.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\k826lifs1826.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\ksdhept.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\l4j80e1ueh.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\lbcwmi.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\lv4209hoe.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\m0rmla911d.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\madmo.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\merd3x40.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\mtports.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\mv4ql9h51.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\mvn6l95s1.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\mvp0l97m1.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\n0l8la3u1d.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\noptools.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\o6840glqe6qe0.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\OFComC.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\oqeprn.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\p04ulah91d4.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\prs.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\puflbmsg.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\q4rqle951h.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\qadwipes.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\r48slel71hq.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\rCsmontr.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\RGLCPAPI.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\shtupdll.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\TAMode.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\wcvdmoe2.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\wladmod.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\wmnntbbu.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\wtavusd.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\wwdtrace.dll
1 bestand(en) gekopieerd.
Backing Up: C:\WINDOWS\system32\wxwfax.dll
1 bestand(en) gekopieerd.
deleting: C:\WINDOWS\system32\aza6l95s1.dll
Successfully Deleted: C:\WINDOWS\system32\aza6l95s1.dll
deleting: C:\WINDOWS\system32\aza80e1ueh.dll
Successfully Deleted: C:\WINDOWS\system32\aza80e1ueh.dll
deleting: C:\WINDOWS\system32\azaq0335e.dll
Successfully Deleted: C:\WINDOWS\system32\azaq0335e.dll
deleting: C:\WINDOWS\system32\azledit.dll
Successfully Deleted: C:\WINDOWS\system32\azledit.dll
deleting: C:\WINDOWS\system32\cimmdlg.dll
Successfully Deleted: C:\WINDOWS\system32\cimmdlg.dll
deleting: C:\WINDOWS\system32\dbdiagn.dll
Successfully Deleted: C:\WINDOWS\system32\dbdiagn.dll
deleting: C:\WINDOWS\system32\dddiagn.dll
Successfully Deleted: C:\WINDOWS\system32\dddiagn.dll
deleting: C:\WINDOWS\system32\dicpmon.dll
Successfully Deleted: C:\WINDOWS\system32\dicpmon.dll
deleting: C:\WINDOWS\system32\djiman32.dll
Successfully Deleted: C:\WINDOWS\system32\djiman32.dll
deleting: C:\WINDOWS\system32\dncpmon.dll
Successfully Deleted: C:\WINDOWS\system32\dncpmon.dll
deleting: C:\WINDOWS\system32\dnj6011se.dll
Successfully Deleted: C:\WINDOWS\system32\dnj6011se.dll
deleting: C:\WINDOWS\system32\dnjm0111e.dll
Successfully Deleted: C:\WINDOWS\system32\dnjm0111e.dll
deleting: C:\WINDOWS\system32\dwserver.dll
Successfully Deleted: C:\WINDOWS\system32\dwserver.dll
deleting: C:\WINDOWS\system32\fp6003jme.dll
Successfully Deleted: C:\WINDOWS\system32\fp6003jme.dll
deleting: C:\WINDOWS\system32\fplq0335e.dll
Successfully Deleted: C:\WINDOWS\system32\fplq0335e.dll
deleting: C:\WINDOWS\system32\gp2ml3f11.dll
Successfully Deleted: C:\WINDOWS\system32\gp2ml3f11.dll
deleting: C:\WINDOWS\system32\gp8sl3l71.dll
Successfully Deleted: C:\WINDOWS\system32\gp8sl3l71.dll
deleting: C:\WINDOWS\system32\gpnsl3571.dll
Successfully Deleted: C:\WINDOWS\system32\gpnsl3571.dll
deleting: C:\WINDOWS\system32\hp0023dmg.dll
Successfully Deleted: C:\WINDOWS\system32\hp0023dmg.dll
deleting: C:\WINDOWS\system32\i4240efqeh2e0.dll
Successfully Deleted: C:\WINDOWS\system32\i4240efqeh2e0.dll
deleting: C:\WINDOWS\system32\ifrtrmgr.dll
Successfully Deleted: C:\WINDOWS\system32\ifrtrmgr.dll
deleting: C:\WINDOWS\system32\ijitpki.dll
Successfully Deleted: C:\WINDOWS\system32\ijitpki.dll
deleting: C:\WINDOWS\system32\irp6l57s1.dll
Successfully Deleted: C:\WINDOWS\system32\irp6l57s1.dll
deleting: C:\WINDOWS\system32\iVssam.dll
Successfully Deleted: C:\WINDOWS\system32\iVssam.dll
deleting: C:\WINDOWS\system32\j0j60a1sed.dll
Successfully Deleted: C:\WINDOWS\system32\j0j60a1sed.dll
deleting: C:\WINDOWS\system32\jrdw400.dll
Successfully Deleted: C:\WINDOWS\system32\jrdw400.dll
deleting: C:\WINDOWS\system32\jtr2079oe.dll
Successfully Deleted: C:\WINDOWS\system32\jtr2079oe.dll
deleting: C:\WINDOWS\system32\k4lqle351h.dll
Successfully Deleted: C:\WINDOWS\system32\k4lqle351h.dll
deleting: C:\WINDOWS\system32\k826lifs1826.dll
Successfully Deleted: C:\WINDOWS\system32\k826lifs1826.dll
deleting: C:\WINDOWS\system32\ksdhept.dll
Successfully Deleted: C:\WINDOWS\system32\ksdhept.dll
deleting: C:\WINDOWS\system32\l4j80e1ueh.dll
Successfully Deleted: C:\WINDOWS\system32\l4j80e1ueh.dll
deleting: C:\WINDOWS\system32\lbcwmi.dll
Successfully Deleted: C:\WINDOWS\system32\lbcwmi.dll
deleting: C:\WINDOWS\system32\lv4209hoe.dll
Successfully Deleted: C:\WINDOWS\system32\lv4209hoe.dll
deleting: C:\WINDOWS\system32\m0rmla911d.dll
Successfully Deleted: C:\WINDOWS\system32\m0rmla911d.dll
deleting: C:\WINDOWS\system32\madmo.dll
Successfully Deleted: C:\WINDOWS\system32\madmo.dll
deleting: C:\WINDOWS\system32\merd3x40.dll
Successfully Deleted: C:\WINDOWS\system32\merd3x40.dll
deleting: C:\WINDOWS\system32\mtports.dll
Successfully Deleted: C:\WINDOWS\system32\mtports.dll
deleting: C:\WINDOWS\system32\mv4ql9h51.dll
Successfully Deleted: C:\WINDOWS\system32\mv4ql9h51.dll
deleting: C:\WINDOWS\system32\mvn6l95s1.dll
Successfully Deleted: C:\WINDOWS\system32\mvn6l95s1.dll
deleting: C:\WINDOWS\system32\mvp0l97m1.dll
Successfully Deleted: C:\WINDOWS\system32\mvp0l97m1.dll
deleting: C:\WINDOWS\system32\n0l8la3u1d.dll
Successfully Deleted: C:\WINDOWS\system32\n0l8la3u1d.dll
deleting: C:\WINDOWS\system32\noptools.dll
Successfully Deleted: C:\WINDOWS\system32\noptools.dll
deleting: C:\WINDOWS\system32\o6840glqe6qe0.dll
Successfully Deleted: C:\WINDOWS\system32\o6840glqe6qe0.dll
deleting: C:\WINDOWS\system32\OFComC.dll
Successfully Deleted: C:\WINDOWS\system32\OFComC.dll
deleting: C:\WINDOWS\system32\oqeprn.dll
Successfully Deleted: C:\WINDOWS\system32\oqeprn.dll
deleting: C:\WINDOWS\system32\p04ulah91d4.dll
Successfully Deleted: C:\WINDOWS\system32\p04ulah91d4.dll
deleting: C:\WINDOWS\system32\prs.dll
Successfully Deleted: C:\WINDOWS\system32\prs.dll
deleting: C:\WINDOWS\system32\puflbmsg.dll
Successfully Deleted: C:\WINDOWS\system32\puflbmsg.dll
deleting: C:\WINDOWS\system32\q4rqle951h.dll
Successfully Deleted: C:\WINDOWS\system32\q4rqle951h.dll
deleting: C:\WINDOWS\system32\qadwipes.dll
Successfully Deleted: C:\WINDOWS\system32\qadwipes.dll
deleting: C:\WINDOWS\system32\r48slel71hq.dll
Successfully Deleted: C:\WINDOWS\system32\r48slel71hq.dll
deleting: C:\WINDOWS\system32\rCsmontr.dll
Successfully Deleted: C:\WINDOWS\system32\rCsmontr.dll
deleting: C:\WINDOWS\system32\RGLCPAPI.dll
Successfully Deleted: C:\WINDOWS\system32\RGLCPAPI.dll
deleting: C:\WINDOWS\system32\shtupdll.dll
Successfully Deleted: C:\WINDOWS\system32\shtupdll.dll
deleting: C:\WINDOWS\system32\TAMode.dll
Successfully Deleted: C:\WINDOWS\system32\TAMode.dll
deleting: C:\WINDOWS\system32\wcvdmoe2.dll
Successfully Deleted: C:\WINDOWS\system32\wcvdmoe2.dll
deleting: C:\WINDOWS\system32\wladmod.dll
Successfully Deleted: C:\WINDOWS\system32\wladmod.dll
deleting: C:\WINDOWS\system32\wmnntbbu.dll
Successfully Deleted: C:\WINDOWS\system32\wmnntbbu.dll
deleting: C:\WINDOWS\system32\wtavusd.dll
Successfully Deleted: C:\WINDOWS\system32\wtavusd.dll
deleting: C:\WINDOWS\system32\wwdtrace.dll
Successfully Deleted: C:\WINDOWS\system32\wwdtrace.dll
deleting: C:\WINDOWS\system32\wxwfax.dll
Successfully Deleted: C:\WINDOWS\system32\wxwfax.dll
Zipping up files for submission:
adding: aza6l95s1.dll (164 bytes security) (deflated 4%)
adding: aza80e1ueh.dll (164 bytes security) (deflated 5%)
adding: azaq0335e.dll (164 bytes security) (deflated 4%)
adding: azledit.dll (164 bytes security) (deflated 4%)
adding: cimmdlg.dll (164 bytes security) (deflated 5%)
adding: dbdiagn.dll (164 bytes security) (deflated 5%)
adding: dddiagn.dll (164 bytes security) (deflated 6%)
adding: dicpmon.dll (164 bytes security) (deflated 5%)
adding: djiman32.dll (164 bytes security) (deflated 6%)
adding: dncpmon.dll (164 bytes security) (deflated 5%)
adding: dnj6011se.dll (164 bytes security) (deflated 6%)
adding: dnjm0111e.dll (164 bytes security) (deflated 5%)
adding: dwserver.dll (164 bytes security) (deflated 4%)
adding: fp6003jme.dll (164 bytes security) (deflated 5%)
adding: fplq0335e.dll (164 bytes security) (deflated 5%)
adding: gp2ml3f11.dll (164 bytes security) (deflated 5%)
adding: gp8sl3l71.dll (164 bytes security) (deflated 5%)
adding: gpnsl3571.dll (164 bytes security) (deflated 5%)
adding: hp0023dmg.dll (164 bytes security) (deflated 5%)
adding: i4240efqeh2e0.dll (164 bytes security) (deflated 5%)
adding: ifrtrmgr.dll (164 bytes security) (deflated 5%)
adding: ijitpki.dll (164 bytes security) (deflated 5%)
adding: irp6l57s1.dll (164 bytes security) (deflated 5%)
adding: iVssam.dll (164 bytes security) (deflated 4%)
adding: j0j60a1sed.dll (164 bytes security) (deflated 6%)
adding: jrdw400.dll (164 bytes security) (deflated 4%)
adding: jtr2079oe.dll (164 bytes security) (deflated 5%)
adding: k4lqle351h.dll (164 bytes security) (deflated 5%)
adding: k826lifs1826.dll (164 bytes security) (deflated 4%)
adding: ksdhept.dll (164 bytes security) (deflated 6%)
adding: l4j80e1ueh.dll (164 bytes security) (deflated 5%)
adding: lbcwmi.dll (164 bytes security) (deflated 4%)
adding: lv4209hoe.dll (164 bytes security) (deflated 4%)
adding: m0rmla911d.dll (164 bytes security) (deflated 6%)
adding: madmo.dll (164 bytes security) (deflated 4%)
adding: merd3x40.dll (164 bytes security) (deflated 5%)
adding: mtports.dll (164 bytes security) (deflated 5%)
adding: mv4ql9h51.dll (164 bytes security) (deflated 5%)
adding: mvn6l95s1.dll (164 bytes security) (deflated 4%)
adding: mvp0l97m1.dll (164 bytes security) (deflated 5%)
adding: n0l8la3u1d.dll (164 bytes security) (deflated 6%)
adding: noptools.dll (164 bytes security) (deflated 6%)
adding: o6840glqe6qe0.dll (164 bytes security) (deflated 6%)
adding: OFComC.dll (164 bytes security) (deflated 4%)
adding: oqeprn.dll (164 bytes security) (deflated 6%)
adding: p04ulah91d4.dll (164 bytes security) (deflated 5%)
adding: prs.dll (164 bytes security) (deflated 4%)
adding: puflbmsg.dll (164 bytes security) (deflated 5%)
adding: q4rqle951h.dll (164 bytes security) (deflated 5%)
adding: qadwipes.dll (164 bytes security) (deflated 5%)
adding: r48slel71hq.dll (164 bytes security) (deflated 4%)
adding: rCsmontr.dll (164 bytes security) (deflated 4%)
adding: RGLCPAPI.dll (164 bytes security) (deflated 4%)
adding: shtupdll.dll (164 bytes security) (deflated 5%)
adding: TAMode.dll (164 bytes security) (deflated 4%)
adding: wcvdmoe2.dll (164 bytes security) (deflated 6%)
adding: wladmod.dll (164 bytes security) (deflated 5%)
adding: wmnntbbu.dll (164 bytes security) (deflated 4%)
adding: wtavusd.dll (164 bytes security) (deflated 4%)
adding: wwdtrace.dll (164 bytes security) (deflated 5%)
adding: wxwfax.dll (164 bytes security) (deflated 6%)
adding: clear.reg (164 bytes security) (deflated 71%)
adding: echo.reg (164 bytes security) (deflated 10%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 88%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 75%)
adding: test.txt (164 bytes security) (deflated 83%)
adding: test2.txt (164 bytes security) (deflated 49%)
adding: test3.txt (164 bytes security) (deflated 49%)
adding: test5.txt (164 bytes security) (deflated 49%)
adding: xfind.txt (164 bytes security) (deflated 78%)
adding: backregs/16281E95-7880-450F-8A46-C22CD0DAC28C.reg (164 bytes security) (deflated 69%)
adding: backregs/1BC7F32A-7A47-4B17-A7A9-750060ADD18F.reg (164 bytes security) (deflated 70%)
adding: backregs/281D9844-0225-4939-8726-7C0732A1EA40.reg (164 bytes security) (deflated 69%)
adding: backregs/358AD978-91AB-4745-A98C-451E3DA5D0A1.reg (164 bytes security) (deflated 70%)
adding: backregs/39A1F52F-213A-41D2-8BFF-5A8426CF55E2.reg (164 bytes security) (deflated 70%)
adding: backregs/4942C783-BC68-4139-AF13-67627886324F.reg (164 bytes security) (deflated 70%)
adding: backregs/4D1BFEA5-EC3A-4A01-BC49-AFC2BCCAC1BB.reg (164 bytes security) (deflated 70%)
adding: backregs/52B6698E-A173-4A5C-80E6-18AFBFF81FF1.reg (164 bytes security) (deflated 70%)
adding: backregs/55B2D54E-FC1E-4822-A9AC-C15F0E629257.reg (164 bytes security) (deflated 70%)
adding: backregs/6046104C-ED41-42EC-B30D-8CB8F5910C46.reg (164 bytes security) (deflated 71%)
adding: backregs/61534C06-E11C-4DC2-A89E-C2D21868CB68.reg (164 bytes security) (deflated 70%)
adding: backregs/6A5A9D07-F144-4BAE-A498-A5D6F38D5CB1.reg (164 bytes security) (deflated 70%)
adding: backregs/7D25A4FD-4904-42C6-8069-630A8B5960F9.reg (164 bytes security) (deflated 70%)
adding: backregs/7F64B892-CCBD-4E35-A34D-AA808DDD8EC4.reg (164 bytes security) (deflated 70%)
adding: backregs/894F516B-E48F-4B54-ABA0-840EE0275780.reg (164 bytes security) (deflated 70%)
adding: backregs/8DDA938E-3676-4184-9750-9BBBF452A891.reg (164 bytes security) (deflated 70%)
adding: backregs/9251BF13-DA68-4DEB-BB2E-5AD9B3CEBC97.reg (164 bytes security) (deflated 70%)
adding: backregs/9614DBD9-C178-4D9E-A772-3B03B6CD5739.reg (164 bytes security) (deflated 70%)
adding: backregs/A01F5614-FA20-48A7-828D-A5ECE1EF8A92.reg (164 bytes security) (deflated 70%)
adding: backregs/A484F720-9501-4E0D-9B61-27BB83EE0131.reg (164 bytes security) (deflated 70%)
adding: backregs/A66A6A19-BA0C-47F3-947C-2B108D5C55EC.reg (164 bytes security) (deflated 70%)
adding: backregs/A775EC6F-6C3C-4AD3-B605-85AD93909D61.reg (164 bytes security) (deflated 70%)
adding: backregs/AEA9CAEF-F31B-40FC-A889-B70C24001DC6.reg (164 bytes security) (deflated 70%)
adding: backregs/C1A40E8B-5A06-40E3-8903-CD1142BABAFA.reg (164 bytes security) (deflated 70%)
adding: backregs/C78191B3-0341-4BA8-AEF9-E21BD74A4E33.reg (164 bytes security) (deflated 70%)
adding: backregs/D5DC7776-49DC-4121-A896-4A2CBDB89F98.reg (164 bytes security) (deflated 70%)
adding: backregs/D6799294-9D8E-42EF-AD70-1CB393A0737D.reg (164 bytes security) (deflated 70%)
adding: backregs/E49DFB8B-DFC5-4749-B643-8ADB03D1E990.reg (164 bytes security) (deflated 70%)
adding: backregs/EABC0F8C-0074-4D75-8610-6AE541C7456D.reg (164 bytes security) (deflated 70%)
adding: backregs/F494E82D-3955-4526-9450-8633954EE4E0.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 72%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read INGEBOUWD\Gebruikers
(ID-IO) ALLOW Read INGEBOUWD\Gebruikers
(ID-NI) ALLOW Full access INGEBOUWD\Administrators
(ID-IO) ALLOW Full access INGEBOUWD\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access MAKER EIGENAAR
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: aza6l95s1.dll
deleting local copy: aza80e1ueh.dll
deleting local copy: azaq0335e.dll
deleting local copy: azledit.dll
deleting local copy: cimmdlg.dll
deleting local copy: dbdiagn.dll
deleting local copy: dddiagn.dll
deleting local copy: dicpmon.dll
deleting local copy: djiman32.dll
deleting local copy: dncpmon.dll
deleting local copy: dnj6011se.dll
deleting local copy: dnjm0111e.dll
deleting local copy: dwserver.dll
deleting local copy: fp6003jme.dll
deleting local copy: fplq0335e.dll
deleting local copy: gp2ml3f11.dll
deleting local copy: gp8sl3l71.dll
deleting local copy: gpnsl3571.dll
deleting local copy: hp0023dmg.dll
deleting local copy: i4240efqeh2e0.dll
deleting local copy: ifrtrmgr.dll
deleting local copy: ijitpki.dll
deleting local copy: irp6l57s1.dll
deleting local copy: iVssam.dll
deleting local copy: j0j60a1sed.dll
deleting local copy: jrdw400.dll
deleting local copy: jtr2079oe.dll
deleting local copy: k4lqle351h.dll
deleting local copy: k826lifs1826.dll
deleting local copy: ksdhept.dll
deleting local copy: l4j80e1ueh.dll
deleting local copy: lbcwmi.dll
deleting local copy: lv4209hoe.dll
deleting local copy: m0rmla911d.dll
deleting local copy: madmo.dll
deleting local copy: merd3x40.dll
deleting local copy: mtports.dll
deleting local copy: mv4ql9h51.dll
deleting local copy: mvn6l95s1.dll
deleting local copy: mvp0l97m1.dll
deleting local copy: n0l8la3u1d.dll
deleting local copy: noptools.dll
deleting local copy: o6840glqe6qe0.dll
deleting local copy: OFComC.dll
deleting local copy: oqeprn.dll
deleting local copy: p04ulah91d4.dll
deleting local copy: prs.dll
deleting local copy: puflbmsg.dll
deleting local copy: q4rqle951h.dll
deleting local copy: qadwipes.dll
deleting local copy: r48slel71hq.dll
deleting local copy: rCsmontr.dll
deleting local copy: RGLCPAPI.dll
deleting local copy: shtupdll.dll
deleting local copy: TAMode.dll
deleting local copy: wcvdmoe2.dll
deleting local copy: wladmod.dll
deleting local copy: wmnntbbu.dll
deleting local copy: wtavusd.dll
deleting local copy: wwdtrace.dll
deleting local copy: wxwfax.dll
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en8ql1l51.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"Logoff"="NavLogoffEvent"
"DllName"="C:\\WINDOWS\\system32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\aza6l95s1.dll
C:\WINDOWS\system32\aza80e1ueh.dll
C:\WINDOWS\system32\azaq0335e.dll
C:\WINDOWS\system32\azledit.dll
C:\WINDOWS\system32\cimmdlg.dll
C:\WINDOWS\system32\dbdiagn.dll
C:\WINDOWS\system32\dddiagn.dll
C:\WINDOWS\system32\dicpmon.dll
C:\WINDOWS\system32\djiman32.dll
C:\WINDOWS\system32\dncpmon.dll
C:\WINDOWS\system32\dnj6011se.dll
C:\WINDOWS\system32\dnjm0111e.dll
C:\WINDOWS\system32\dwserver.dll
C:\WINDOWS\system32\fp6003jme.dll
C:\WINDOWS\system32\fplq0335e.dll
C:\WINDOWS\system32\gp2ml3f11.dll
C:\WINDOWS\system32\gp8sl3l71.dll
C:\WINDOWS\system32\gpnsl3571.dll
C:\WINDOWS\system32\hp0023dmg.dll
C:\WINDOWS\system32\i4240efqeh2e0.dll
C:\WINDOWS\system32\ifrtrmgr.dll
C:\WINDOWS\system32\ijitpki.dll
C:\WINDOWS\system32\irp6l57s1.dll
C:\WINDOWS\system32\iVssam.dll
C:\WINDOWS\system32\j0j60a1sed.dll
C:\WINDOWS\system32\jrdw400.dll
C:\WINDOWS\system32\jtr2079oe.dll
C:\WINDOWS\system32\k4lqle351h.dll
C:\WINDOWS\system32\k826lifs1826.dll
C:\WINDOWS\system32\ksdhept.dll
C:\WINDOWS\system32\l4j80e1ueh.dll
C:\WINDOWS\system32\lbcwmi.dll
C:\WINDOWS\system32\lv4209hoe.dll
C:\WINDOWS\system32\m0rmla911d.dll
C:\WINDOWS\system32\madmo.dll
C:\WINDOWS\system32\merd3x40.dll
C:\WINDOWS\system32\mtports.dll
C:\WINDOWS\system32\mv4ql9h51.dll
C:\WINDOWS\system32\mvn6l95s1.dll
C:\WINDOWS\system32\mvp0l97m1.dll
C:\WINDOWS\system32\n0l8la3u1d.dll
C:\WINDOWS\system32\noptools.dll
C:\WINDOWS\system32\o6840glqe6qe0.dll
C:\WINDOWS\system32\OFComC.dll
C:\WINDOWS\system32\oqeprn.dll
C:\WINDOWS\system32\p04ulah91d4.dll
C:\WINDOWS\system32\prs.dll
C:\WINDOWS\system32\puflbmsg.dll
C:\WINDOWS\system32\q4rqle951h.dll
C:\WINDOWS\system32\qadwipes.dll
C:\WINDOWS\system32\r48slel71hq.dll
C:\WINDOWS\system32\rCsmontr.dll
C:\WINDOWS\system32\RGLCPAPI.dll
C:\WINDOWS\system32\shtupdll.dll
C:\WINDOWS\system32\TAMode.dll
C:\WINDOWS\system32\wcvdmoe2.dll
C:\WINDOWS\system32\wladmod.dll
C:\WINDOWS\system32\wmnntbbu.dll
C:\WINDOWS\system32\wtavusd.dll
C:\WINDOWS\system32\wwdtrace.dll
C:\WINDOWS\system32\wxwfax.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{16281E95-7880-450F-8A46-C22CD0DAC28C}"=-
"{4D1BFEA5-EC3A-4A01-BC49-AFC2BCCAC1BB}"=-
"{7F64B892-CCBD-4E35-A34D-AA808DDD8EC4}"=-
"{EABC0F8C-0074-4D75-8610-6AE541C7456D}"=-
"{7D25A4FD-4904-42C6-8069-630A8B5960F9}"=-
"{F494E82D-3955-4526-9450-8633954EE4E0}"=-
"{55B2D54E-FC1E-4822-A9AC-C15F0E629257}"=-
"{A66A6A19-BA0C-47F3-947C-2B108D5C55EC}"=-
"{C78191B3-0341-4BA8-AEF9-E21BD74A4E33}"=-
"{39A1F52F-213A-41D2-8BFF-5A8426CF55E2}"=-
"{9614DBD9-C178-4D9E-A772-3B03B6CD5739}"=-
"{8DDA938E-3676-4184-9750-9BBBF452A891}"=-
"{AEA9CAEF-F31B-40FC-A889-B70C24001DC6}"=-
"{6046104C-ED41-42EC-B30D-8CB8F5910C46}"=-
"{52B6698E-A173-4A5C-80E6-18AFBFF81FF1}"=-
"{E49DFB8B-DFC5-4749-B643-8ADB03D1E990}"=-
"{4942C783-BC68-4139-AF13-67627886324F}"=-
"{A01F5614-FA20-48A7-828D-A5ECE1EF8A92}"=-
"{358AD978-91AB-4745-A98C-451E3DA5D0A1}"=-
"{A775EC6F-6C3C-4AD3-B605-85AD93909D61}"=-
"{894F516B-E48F-4B54-ABA0-840EE0275780}"=-
"{D5DC7776-49DC-4121-A896-4A2CBDB89F98}"=-
"{61534C06-E11C-4DC2-A89E-C2D21868CB68}"=-
"{D6799294-9D8E-42EF-AD70-1CB393A0737D}"=-
"{C1A40E8B-5A06-40E3-8903-CD1142BABAFA}"=-
"{6A5A9D07-F144-4BAE-A498-A5D6F38D5CB1}"=-
"{9251BF13-DA68-4DEB-BB2E-5AD9B3CEBC97}"=-
"{1BC7F32A-7A47-4B17-A7A9-750060ADD18F}"=-
"{281D9844-0225-4939-8726-7C0732A1EA40}"=-
"{A484F720-9501-4E0D-9B61-27BB83EE0131}"=-
[-HKEY_CLASSES_ROOT\CLSID\{16281E95-7880-450F-8A46-C22CD0DAC28C}]
[-HKEY_CLASSES_ROOT\CLSID\{4D1BFEA5-EC3A-4A01-BC49-AFC2BCCAC1BB}]
[-HKEY_CLASSES_ROOT\CLSID\{7F64B892-CCBD-4E35-A34D-AA808DDD8EC4}]
[-HKEY_CLASSES_ROOT\CLSID\{EABC0F8C-0074-4D75-8610-6AE541C7456D}]
[-HKEY_CLASSES_ROOT\CLSID\{7D25A4FD-4904-42C6-8069-630A8B5960F9}]
[-HKEY_CLASSES_ROOT\CLSID\{F494E82D-3955-4526-9450-8633954EE4E0}]
[-HKEY_CLASSES_ROOT\CLSID\{55B2D54E-FC1E-4822-A9AC-C15F0E629257}]
[-HKEY_CLASSES_ROOT\CLSID\{A66A6A19-BA0C-47F3-947C-2B108D5C55EC}]
[-HKEY_CLASSES_ROOT\CLSID\{C78191B3-0341-4BA8-AEF9-E21BD74A4E33}]
[-HKEY_CLASSES_ROOT\CLSID\{39A1F52F-213A-41D2-8BFF-5A8426CF55E2}]
[-HKEY_CLASSES_ROOT\CLSID\{9614DBD9-C178-4D9E-A772-3B03B6CD5739}]
[-HKEY_CLASSES_ROOT\CLSID\{8DDA938E-3676-4184-9750-9BBBF452A891}]
[-HKEY_CLASSES_ROOT\CLSID\{AEA9CAEF-F31B-40FC-A889-B70C24001DC6}]
[-HKEY_CLASSES_ROOT\CLSID\{6046104C-ED41-42EC-B30D-8CB8F5910C46}]
[-HKEY_CLASSES_ROOT\CLSID\{52B6698E-A173-4A5C-80E6-18AFBFF81FF1}]
[-HKEY_CLASSES_ROOT\CLSID\{E49DFB8B-DFC5-4749-B643-8ADB03D1E990}]
[-HKEY_CLASSES_ROOT\CLSID\{4942C783-BC68-4139-AF13-67627886324F}]
[-HKEY_CLASSES_ROOT\CLSID\{A01F5614-FA20-48A7-828D-A5ECE1EF8A92}]
[-HKEY_CLASSES_ROOT\CLSID\{358AD978-91AB-4745-A98C-451E3DA5D0A1}]
[-HKEY_CLASSES_ROOT\CLSID\{A775EC6F-6C3C-4AD3-B605-85AD93909D61}]
[-HKEY_CLASSES_ROOT\CLSID\{894F516B-E48F-4B54-ABA0-840EE0275780}]
[-HKEY_CLASSES_ROOT\CLSID\{D5DC7776-49DC-4121-A896-4A2CBDB89F98}]
[-HKEY_CLASSES_ROOT\CLSID\{61534C06-E11C-4DC2-A89E-C2D21868CB68}]
[-HKEY_CLASSES_ROOT\CLSID\{D6799294-9D8E-42EF-AD70-1CB393A0737D}]
[-HKEY_CLASSES_ROOT\CLSID\{C1A40E8B-5A06-40E3-8903-CD1142BABAFA}]
[-HKEY_CLASSES_ROOT\CLSID\{6A5A9D07-F144-4BAE-A498-A5D6F38D5CB1}]
[-HKEY_CLASSES_ROOT\CLSID\{9251BF13-DA68-4DEB-BB2E-5AD9B3CEBC97}]
[-HKEY_CLASSES_ROOT\CLSID\{1BC7F32A-7A47-4B17-A7A9-750060ADD18F}]
[-HKEY_CLASSES_ROOT\CLSID\{281D9844-0225-4939-8726-7C0732A1EA40}]
[-HKEY_CLASSES_ROOT\CLSID\{A484F720-9501-4E0D-9B61-27BB83EE0131}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
New hijack this log :
Logfile of HijackThis v1.99.1
Scan saved at 21:51:25, on 8-8-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\PinkRoccade\RemCon VPN Client\cvpnd.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\program files\180searchassistant\salm.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\0gtcbrj2.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\cdfoon\trayapp.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\VundoFix\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Fadjxwl] C:\Program Files\Swbphhc\Hcgeird.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [njsejj] c:\windows\system32\njsejj.exe
O4 - HKLM\..\Run: [yoevelkrt] C:\WINDOWS\qgvwzyjy.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [jcl] C:\WINDOWS\jcl.exe
O4 - HKLM\..\Run: [0gtcbrj2] C:\WINDOWS\system32\0gtcbrj2.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PinkRoccade RemCon VPN Client.lnk = C:\Program Files\PinkRoccade\RemCon VPN Client\vpngui.exe
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) -
https://www.p3.postb...l/sesam/CAX.cabO16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) -
http://www.gvprc.nl/qp2.cabO16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\dc492cf0\wficat.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) -
http://stream.pussyh.../stream/mmp.cabO16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) -
http://www.180search...com/180saax.cabO16 - DPF: {D4928627-19AF-4701-8F1E-C7FFA901D5A5} (Novell NAL Plugin) - file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\dc492cf0\NALExec.CAB
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) -
https://gto.postbank.nl/GTO/PBGNX.cabO16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) -
http://install.premi...nsAssistent.ocxO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.ao.../ampx_en_dl.cabO20 - Winlogon Notify: Hints - C:\WINDOWS\system32\en8ql1l51.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\PinkRoccade\RemCon VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe