l2mfix:
L2Mfix 1.02
Running From:
C:\Documents and Settings\Eddie\Skrivebord\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Brugere
(ID-IO) ALLOW Read BUILTIN\Brugere
(ID-NI) ALLOW Full access BUILTIN\Administratorer
(ID-IO) ALLOW Full access BUILTIN\Administratorer
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C access for really "Everyone"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Alle
(ID-NI) ALLOW Read BUILTIN\Brugere
(ID-IO) ALLOW Read BUILTIN\Brugere
(ID-NI) ALLOW Full access BUILTIN\Administratorer
(ID-IO) ALLOW Full access BUILTIN\Administratorer
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Eddie\Skrivebord\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Eddie\Skrivebord\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 660 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Error, Cannot find a process with an image name of rundll32.exe
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\cdc.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\fp0003dme.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\fpn2035oe.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\fpr2039oe.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\g0jo0a13ed.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\ir62l5jo1.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\ir86l5ls1.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\irl2l53o1.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\lvpq0975e.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\mdieftp.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\n4r20e9oeh.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\ncmsmgr.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\q4680ejueho80.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\wyspdmoe.dll
1 fil(er) kopieret.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 fil(er) kopieret.
deleting: C:\WINDOWS\system32\cdc.dll
Successfully Deleted: C:\WINDOWS\system32\cdc.dll
deleting: C:\WINDOWS\system32\fp0003dme.dll
Successfully Deleted: C:\WINDOWS\system32\fp0003dme.dll
deleting: C:\WINDOWS\system32\fpn2035oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpn2035oe.dll
deleting: C:\WINDOWS\system32\fpr2039oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpr2039oe.dll
deleting: C:\WINDOWS\system32\g0jo0a13ed.dll
Successfully Deleted: C:\WINDOWS\system32\g0jo0a13ed.dll
deleting: C:\WINDOWS\system32\ir62l5jo1.dll
Successfully Deleted: C:\WINDOWS\system32\ir62l5jo1.dll
deleting: C:\WINDOWS\system32\ir86l5ls1.dll
Successfully Deleted: C:\WINDOWS\system32\ir86l5ls1.dll
deleting: C:\WINDOWS\system32\irl2l53o1.dll
Successfully Deleted: C:\WINDOWS\system32\irl2l53o1.dll
deleting: C:\WINDOWS\system32\lvpq0975e.dll
Successfully Deleted: C:\WINDOWS\system32\lvpq0975e.dll
deleting: C:\WINDOWS\system32\mdieftp.dll
Successfully Deleted: C:\WINDOWS\system32\mdieftp.dll
deleting: C:\WINDOWS\system32\n4r20e9oeh.dll
Successfully Deleted: C:\WINDOWS\system32\n4r20e9oeh.dll
deleting: C:\WINDOWS\system32\ncmsmgr.dll
Successfully Deleted: C:\WINDOWS\system32\ncmsmgr.dll
deleting: C:\WINDOWS\system32\q4680ejueho80.dll
Successfully Deleted: C:\WINDOWS\system32\q4680ejueho80.dll
deleting: C:\WINDOWS\system32\wyspdmoe.dll
Successfully Deleted: C:\WINDOWS\system32\wyspdmoe.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: cdc.dll (164 bytes security) (deflated 4%)
adding: fp0003dme.dll (164 bytes security) (deflated 4%)
adding: fpn2035oe.dll (164 bytes security) (deflated 4%)
adding: fpr2039oe.dll (164 bytes security) (deflated 4%)
adding: g0jo0a13ed.dll (164 bytes security) (deflated 4%)
adding: ir62l5jo1.dll (164 bytes security) (deflated 5%)
adding: ir86l5ls1.dll (164 bytes security) (deflated 4%)
adding: irl2l53o1.dll (164 bytes security) (deflated 5%)
adding: lvpq0975e.dll (164 bytes security) (deflated 4%)
adding: mdieftp.dll (164 bytes security) (deflated 4%)
adding: n4r20e9oeh.dll (164 bytes security) (deflated 4%)
adding: ncmsmgr.dll (164 bytes security) (deflated 4%)
adding: q4680ejueho80.dll (164 bytes security) (deflated 4%)
adding: wyspdmoe.dll (164 bytes security) (deflated 4%)
adding: guard.tmp (164 bytes security) (deflated 4%)
adding: cecho.reg (164 bytes security) (deflated 2%)
adding: clear.reg (164 bytes security) (deflated 21%)
adding: echo.reg (164 bytes security) (deflated 9%)
adding: desktop.ini (164 bytes security) (deflated 15%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 80%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 63%)
adding: test.txt (164 bytes security) (deflated 76%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: xfind.txt (164 bytes security) (deflated 70%)
adding: backregs/52B671F0-8B40-4134-8669-24E0F7DFC389.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for really "Everyone"
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Brugere
(ID-IO) ALLOW Read BUILTIN\Brugere
(ID-NI) ALLOW Full access BUILTIN\Administratorer
(ID-IO) ALLOW Full access BUILTIN\Administratorer
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
deleting local copy: cdc.dll
deleting local copy: fp0003dme.dll
deleting local copy: fpn2035oe.dll
deleting local copy: fpr2039oe.dll
deleting local copy: g0jo0a13ed.dll
deleting local copy: ir62l5jo1.dll
deleting local copy: ir86l5ls1.dll
deleting local copy: irl2l53o1.dll
deleting local copy: lvpq0975e.dll
deleting local copy: mdieftp.dll
deleting local copy: n4r20e9oeh.dll
deleting local copy: ncmsmgr.dll
deleting local copy: q4680ejueho80.dll
deleting local copy: wyspdmoe.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cdc.dll
C:\WINDOWS\system32\fp0003dme.dll
C:\WINDOWS\system32\fpn2035oe.dll
C:\WINDOWS\system32\fpr2039oe.dll
C:\WINDOWS\system32\g0jo0a13ed.dll
C:\WINDOWS\system32\ir62l5jo1.dll
C:\WINDOWS\system32\ir86l5ls1.dll
C:\WINDOWS\system32\irl2l53o1.dll
C:\WINDOWS\system32\lvpq0975e.dll
C:\WINDOWS\system32\mdieftp.dll
C:\WINDOWS\system32\n4r20e9oeh.dll
C:\WINDOWS\system32\ncmsmgr.dll
C:\WINDOWS\system32\q4680ejueho80.dll
C:\WINDOWS\system32\wyspdmoe.dll
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{52B671F0-8B40-4134-8669-24E0F7DFC389}"=-
[-HKEY_CLASSES_ROOT\CLSID\{52B671F0-8B40-4134-8669-24E0F7DFC389}]
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C87C2147-A8A3-487A-B4E2-CF3113072044}"=-
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{C87C2147-A8A3-487A-B4E2-CF3113072044}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>
****************************************************************************
Classid's found from regsearch:
****************************************************************************
HiJackThis:
Logfile of HijackThis v1.99.0
Scan saved at 17:11:10, on 26-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\msupd5.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HPQ\One-Touch\OneTouch.EXE
C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\ZyAIR USB Utility\ZyAIR.exe
C:\Documents and Settings\Eddie\Menuen Start\Programmer\Start\loaddtraff[1].exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://familylogon.s...et.dk/index.phpR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://familylogon.stofanet.dkR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://familylogon.stofanet.dkR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.hp.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {23D0FA49-F107-89BE-ABAD-3382B15A4F97} - C:\WINDOWS\System32\lyyyxrzt.dll
O2 - BHO: (no name) - {739E0A07-EA2A-8C9F-30FA-DA8B144F5DF4} - C:\WINDOWS\System32\hhaktdef.dll
O2 - BHO: (no name) - {8778A851-2AEB-A975-9E6B-2DB59D5897FE} - C:\WINDOWS\System32\ngzafrap.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TV Now] C:\Programmer\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RoxAssistant] C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Programmer\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=083004 serial=WS12WTX-9999998-UYR lang=EN
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Programmer\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [yldcocsu] C:\WINDOWS\System32\yldcocsu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: loaddtraff[1].exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZyAIR.lnk = C:\Programmer\ZyAIR USB Utility\ZyAIR.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab30149.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.co...ad/MsnPUpld.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab28177.cabO16 - DPF: {FDD45E53-99AC-48D1-839A-AB4B79BD8A59} (UniqueClientKey.UniqueKey) -
http://www.aknightsg...ueClientKey.CABO23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iidxjnicjmqc - Unknown - C:\WINDOWS\System32\msupd5.exe
O23 - Service: Panda Function Service - Unknown - C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Programmer\Panda Software\Panda Titanium Antivirus 2005\psimsvc.exe