Hijackthis log

9 replies
  • For a week or two I have been troubled by an annoying WinFixer pop-up that keeps coming back. WinFixer gets installed along with it without my consent. I have used Spybot and Ad-Aware, but so far without success. I am not very familiar with HijackThis. I could use some help with this.


    This is my log

    Logfile of HijackThis v1.99.1
    Scan saved at 12:20:04, on 7-8-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\wwSecure.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Documents and Settings\toine\Bureaublad\hijack\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libradio.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {A6486E29-4E74-4180-BCF6-1E48C5D04386} - C:\WINDOWS\System32\epkc.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Microsoft AntiSpyware helper - {F1F61BBA-9A58-4691-9D1B-074C2D8F206D} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F1F61BBA-9A58-4691-9D1B-074C2D8F206D} - (no file) (HKCU)
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5302AB70} - http://dialers.dialoff.com/100302/nl/games1/games1.exe
    O16 - DPF: {3B623D23-2757-4881-A01E-D560EBCA5307} (VacPro.olanda_ver10) - http://advnt01.com/dialer/olanda_ver10.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123331636066
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1064475.exe
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\kddsp.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe



    Thanks in advance



  • Download and install CCleaner.
    Do not use it yet.

    Download L2mfix from one of the locations below:

    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Put the file on your desktop. Click l2mfix.exe.
    Click "Accept". Make sure the l2mfix folder is placed on your desktop. Click "Install".
    On your desktop, open the l2mfix folder.
    Click l2mfix.bat.
    Click "1" to select option 1: Run Find Log.
    This will take a while. After some time a Notepad file will open.

    Copy the contents of that log and post it.

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    O2 - BHO: (no name) - {A6486E29-4E74-4180-BCF6-1E48C5D04386} - C:\WINDOWS\System32\epkc.dll (file missing)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O9 - Extra button: Microsoft AntiSpyware helper - {F1F61BBA-9A58-4691-9D1B-074C2D8F206D} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F1F61BBA-9A58-4691-9D1B-074C2D8F206D} - (no file) (HKCU)
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5302AB70} - http://dialers.dialoff.com/100302/nl/games1/games1.exe
    O16 - DPF: {3B623D23-2757-4881-A01E-D560EBCA5307} (VacPro.olanda_ver10) - http://advnt01.com/dialer/olanda_ver10.CAB
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1064475.exe
    Click 'Fix checked' to remove the items.


    Start CCleaner.
    CCleaner lets you configure what should be cleaned up.
    Select at least the following items:
    Internet Explorer:
    - Temporary Internet Files
    System:
    - Empty Recycle Bin
    - Temporary Files
    Now click Run Cleaner in CCleaner (bottom right).

    Sjaak
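
A small triage pass over the kind of log posted above, as an added example that is not part of the original thread and not part of HijackThis: it parses the entry lines and marks the ones that deserve a closer look. The rule set (orphaned entries, Trusted Zone additions, ActiveX downloads from `.exe` or dialer URLs, Winlogon Notify DLLs) and the function names are assumptions chosen for illustration; the sample lines are copied from the log in the first post.

```python
import re
from urllib.parse import urlparse

# A HijackThis entry line: section code (R0, O2, O16, ...), " - ", then the details.
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
URL_RE = re.compile(r"https?://\S+")
# Markers HijackThis appends when the registry entry points at nothing on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_reasons(code, body):
    """Illustrative rules (assumptions). A reason means 'look closer', not 'delete'."""
    reasons = []
    if any(marker in body for marker in ORPHAN_MARKERS):
        reasons.append("orphaned")            # registry entry whose file is gone
    if code == "O15":
        reasons.append("trusted-zone")        # site added to the IE Trusted Zone
    if code == "O16":
        found = URL_RE.search(body)
        if found:
            url = found.group(0)
            path = urlparse(url).path.lower()
            # ActiveX code bases are normally .cab archives; a bare .exe or a
            # "dialer" path is worth checking before the control is kept.
            if path.endswith(".exe") or "dialer" in url.lower():
                reasons.append("dpf-exe-or-dialer")
    if code == "O20":
        reasons.append("winlogon-notify")     # DLL loaded by winlogon.exe
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for every entry that matched at least one rule."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            findings.append((code, body, reasons))
    return findings


# Sample lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6486E29-4E74-4180-BCF6-1E48C5D04386} - C:\WINDOWS\System32\epkc.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {F1F61BBA-9A58-4691-9D1B-074C2D8F206D} - (no file) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {3B623D23-2757-4881-A01E-D560EBCA5307} (VacPro.olanda_ver10) - http://advnt01.com/dialer/olanda_ver10.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123331636066
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1064475.exe
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\kddsp.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(reasons):<20}{body}")
```
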
  • Thanks. I'll give it a try and see if it works.
  • This is my L2MFIX log



    L2MFIX find log 1.03
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\kddsp.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{459EE5B2-74E7-3CED-2C49-0D0A1CF13C95}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Eigenschappenvenster van multimediabestand"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerbeheer"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Het tabblad Beveiliging"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Eigenschappenblad voor OLE-docbestand"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldschermadapter"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Monitor"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldscherm-panning"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Het tabblad Beveiliging"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibiliteitspagina"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Knipselgegevensverwerker van shell"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Schijfkopieer-uitbreiding"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell-uitbreidingen voor Microsoft Windows Network-objecten"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-monitorbeheer"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerbeheer"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell-uitbreidingen voor bestandscompressie"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shell-uitbreiding voor Web Printer"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Snelmenu Codering"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Werkmap"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-pictogramuitbreiding"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiel"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Het tabblad Beveiliging voor printers"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-extensie"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto-handtekeningextensie"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netwerkverbindingen"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netwerkverbindingen"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners en camera's"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners en camera's"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners en camera's"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners en camera's"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners en camera's"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplande taken"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taakbalk en menu Start"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Zoeken"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uitvoeren…"
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Lettertypen"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Systeembeheer"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-werkbalk"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Downloadstatus"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Uitgebreide shell-map"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Uitgebreide shell-map 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft-browserbalk"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Zoekbalk"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Mediabalk"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Zoeken binnen deelvenster"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Zoeken op het web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Hulpprogramma met opties voor registerboomstructuur"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoAanvullen"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU-lijst voor AutoAanvullen"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Aangepaste MRU-lijst voor AutoAanvullen"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Toegankelijk"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Pop-upbalk Volgen"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Parser voor adresbalk"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lijst voor AutoAanvullen: Microsoft Geschiedenis"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Lijst voor AutoAanvullen: Microsoft Shell-map"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft-container met meervoudige lijst voor AutoAanvullen"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Sitemenu van shell-band"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Gebruikersondersteuning"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globale mapinstellingen"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url-geschiedenisservice"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Geschiedenis"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url-zoeken Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-welkomstscherm"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Het Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Cachemap van ActiveX"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Map met abonnementen"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Toepassingsbeheer"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Programma voor inventarisatie van geïnstalleerde toepassingen"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI- en bestandsextractieprogramma voor miniaturen"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informatie over de handler voor miniatuurweergaven (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-extractie voor miniatuurweergaven"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Wizard Webpublicaties"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Afdrukken via het web bestellen"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell-object voor publicatiewizard"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Wizard Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Gebruikersaccounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Map Off line bestanden"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People…"
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanaal-bestand"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanaal-snelkoppeling"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Handler-object voor kanalen"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
    "{01FA5212-4C65-48C4-983B-451A39202308}"=""
    "{24E8D73B-5471-42B3-8699-279C4DBB3271}"=""
    "{EF1A5C55-7967-499B-AA88-2B65558D474D}"=""
    "{599A19AA-7AB1-467B-9817-12DB2B79B9CA}"=""
    "{5EC42BFA-0D8F-4C15-8E6B-7A9DE0F16F8A}"=""
    "{2C02D797-01A2-4CA3-9675-9EA096D96A0B}"=""
    "{B304866A-2884-49B7-B8F0-8B6717D19ABD}"=""
    "{12A29929-A523-45F9-A9B6-F5A50294EFC4}"=""
    "{95B4C1AD-4C77-4C67-AD6B-62A088DCA098}"=""
    "{37FF2666-9E60-4F7E-B9E9-E53C832B2357}"=""
    "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shredding Utility"
    "{0516FD5F-181C-4E53-A0FE-440B2C327263}"=""
    "{8DF8B77B-C784-49F1-8D43-97E8195BC8CF}"=""
    "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
    "{CA2E22F0-FF5A-4425-9A08-5A558DA98FAD}"=""
    "{603C7714-AF6E-458A-9EFB-1ABB5C4992A3}"=""
    "{EC18AEAC-A502-49DA-808B-1DA7CA957724}"=""
    "{D74CDBFD-DAAC-46CC-BE11-1D13717B58E8}"=""
    "{B2366BE9-FF93-4106-BB82-EC2BA859C54C}"=""
    "{1CC2DB1F-1DB5-4ED3-8F1F-866E3E111F1A}"=""
    "{792438CD-BE08-4D1C-BDEA-7AD3D0F6261E}"=""
    "{F03A4DDF-5BB2-4FE8-B097-3B766F2B96A0}"=""
    "{73D728CF-C505-4FCA-8D3B-768848A7A6F5}"=""
    "{CCE43A94-9081-4DAA-80C4-4093F96F963C}"=""
    "{B1E4D4BA-CE25-4CA2-95C4-2EE5E5870FC5}"=""
    "{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{01FA5212-4C65-48C4-983B-451A39202308}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{01FA5212-4C65-48C4-983B-451A39202308}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{01FA5212-4C65-48C4-983B-451A39202308}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{01FA5212-4C65-48C4-983B-451A39202308}\InprocServer32]
    @="C:\\WINDOWS\\system32\\phrfctrs.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{24E8D73B-5471-42B3-8699-279C4DBB3271}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{24E8D73B-5471-42B3-8699-279C4DBB3271}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{24E8D73B-5471-42B3-8699-279C4DBB3271}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{24E8D73B-5471-42B3-8699-279C4DBB3271}\InprocServer32]
    @="C:\\WINDOWS\\system32\\imq.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{EF1A5C55-7967-499B-AA88-2B65558D474D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EF1A5C55-7967-499B-AA88-2B65558D474D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EF1A5C55-7967-499B-AA88-2B65558D474D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EF1A5C55-7967-499B-AA88-2B65558D474D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wbploc.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{599A19AA-7AB1-467B-9817-12DB2B79B9CA}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{599A19AA-7AB1-467B-9817-12DB2B79B9CA}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{599A19AA-7AB1-467B-9817-12DB2B79B9CA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{599A19AA-7AB1-467B-9817-12DB2B79B9CA}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sksvcs.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{5EC42BFA-0D8F-4C15-8E6B-7A9DE0F16F8A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5EC42BFA-0D8F-4C15-8E6B-7A9DE0F16F8A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5EC42BFA-0D8F-4C15-8E6B-7A9DE0F16F8A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5EC42BFA-0D8F-4C15-8E6B-7A9DE0F16F8A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sworprop.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2C02D797-01A2-4CA3-9675-9EA096D96A0B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2C02D797-01A2-4CA3-9675-9EA096D96A0B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2C02D797-01A2-4CA3-9675-9EA096D96A0B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2C02D797-01A2-4CA3-9675-9EA096D96A0B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\aaicap.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B304866A-2884-49B7-B8F0-8B6717D19ABD}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B304866A-2884-49B7-B8F0-8B6717D19ABD}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B304866A-2884-49B7-B8F0-8B6717D19ABD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B304866A-2884-49B7-B8F0-8B6717D19ABD}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mtdemui.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{12A29929-A523-45F9-A9B6-F5A50294EFC4}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{12A29929-A523-45F9-A9B6-F5A50294EFC4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{12A29929-A523-45F9-A9B6-F5A50294EFC4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{12A29929-A523-45F9-A9B6-F5A50294EFC4}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ddiman32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{95B4C1AD-4C77-4C67-AD6B-62A088DCA098}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{95B4C1AD-4C77-4C67-AD6B-62A088DCA098}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{95B4C1AD-4C77-4C67-AD6B-62A088DCA098}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{95B4C1AD-4C77-4C67-AD6B-62A088DCA098}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rygapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{37FF2666-9E60-4F7E-B9E9-E53C832B2357}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37FF2666-9E60-4F7E-B9E9-E53C832B2357}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37FF2666-9E60-4F7E-B9E9-E53C832B2357}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37FF2666-9E60-4F7E-B9E9-E53C832B2357}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sNfrslv.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{0516FD5F-181C-4E53-A0FE-440B2C327263}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0516FD5F-181C-4E53-A0FE-440B2C327263}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0516FD5F-181C-4E53-A0FE-440B2C327263}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0516FD5F-181C-4E53-A0FE-440B2C327263}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{8DF8B77B-C784-49F1-8D43-97E8195BC8CF}]
    @=""
    "IDEx"="ST"

    [HKEY_CLASSES_ROOT\CLSID\{8DF8B77B-C784-49F1-8D43-97E8195BC8CF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8DF8B77B-C784-49F1-8D43-97E8195BC8CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8DF8B77B-C784-49F1-8D43-97E8195BC8CF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\crmrepl.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CA2E22F0-FF5A-4425-9A08-5A558DA98FAD}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CA2E22F0-FF5A-4425-9A08-5A558DA98FAD}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CA2E22F0-FF5A-4425-9A08-5A558DA98FAD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CA2E22F0-FF5A-4425-9A08-5A558DA98FAD}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{603C7714-AF6E-458A-9EFB-1ABB5C4992A3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{603C7714-AF6E-458A-9EFB-1ABB5C4992A3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{603C7714-AF6E-458A-9EFB-1ABB5C4992A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{603C7714-AF6E-458A-9EFB-1ABB5C4992A3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wknmp32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{EC18AEAC-A502-49DA-808B-1DA7CA957724}]
    @=""
    "IDEx"="ST"

    [HKEY_CLASSES_ROOT\CLSID\{EC18AEAC-A502-49DA-808B-1DA7CA957724}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EC18AEAC-A502-49DA-808B-1DA7CA957724}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EC18AEAC-A502-49DA-808B-1DA7CA957724}\InprocServer32]
    @="C:\\WINDOWS\\system32\\aqtapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D74CDBFD-DAAC-46CC-BE11-1D13717B58E8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D74CDBFD-DAAC-46CC-BE11-1D13717B58E8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D74CDBFD-DAAC-46CC-BE11-1D13717B58E8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D74CDBFD-DAAC-46CC-BE11-1D13717B58E8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dvdmo.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B2366BE9-FF93-4106-BB82-EC2BA859C54C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B2366BE9-FF93-4106-BB82-EC2BA859C54C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B2366BE9-FF93-4106-BB82-EC2BA859C54C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B2366BE9-FF93-4106-BB82-EC2BA859C54C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\hketcfg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1CC2DB1F-1DB5-4ED3-8F1F-866E3E111F1A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1CC2DB1F-1DB5-4ED3-8F1F-866E3E111F1A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1CC2DB1F-1DB5-4ED3-8F1F-866E3E111F1A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1CC2DB1F-1DB5-4ED3-8F1F-866E3E111F1A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ovbccp32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{792438CD-BE08-4D1C-BDEA-7AD3D0F6261E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{792438CD-BE08-4D1C-BDEA-7AD3D0F6261E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{792438CD-BE08-4D1C-BDEA-7AD3D0F6261E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{792438CD-BE08-4D1C-BDEA-7AD3D0F6261E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mpvbvm60.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F03A4DDF-5BB2-4FE8-B097-3B766F2B96A0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F03A4DDF-5BB2-4FE8-B097-3B766F2B96A0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F03A4DDF-5BB2-4FE8-B097-3B766F2B96A0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F03A4DDF-5BB2-4FE8-B097-3B766F2B96A0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rcvpsp.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{73D728CF-C505-4FCA-8D3B-768848A7A6F5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{73D728CF-C505-4FCA-8D3B-768848A7A6F5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{73D728CF-C505-4FCA-8D3B-768848A7A6F5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{73D728CF-C505-4FCA-8D3B-768848A7A6F5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dNdxof.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CCE43A94-9081-4DAA-80C4-4093F96F963C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CCE43A94-9081-4DAA-80C4-4093F96F963C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CCE43A94-9081-4DAA-80C4-4093F96F963C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CCE43A94-9081-4DAA-80C4-4093F96F963C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ozeacc.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B1E4D4BA-CE25-4CA2-95C4-2EE5E5870FC5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B1E4D4BA-CE25-4CA2-95C4-2EE5E5870FC5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B1E4D4BA-CE25-4CA2-95C4-2EE5E5870FC5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B1E4D4BA-CE25-4CA2-95C4-2EE5E5870FC5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mfexch40.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    aqtapi.dll Thu 21 Jul 2005 23:33:10 A.... 417.792 408,00 K
    cdm.dll Thu 26 May 2005 4:16:24 A.... 75.544 73,77 K
    divx.dll Thu 9 Jun 2005 22:32:28 A.... 692.736 676,50 K
    dndxof.dll Mon 8 Aug 2005 11:57:10 ..S.R 417.792 408,00 K
    dtu100.dll Wed 18 May 2005 23:40:22 A.... 200.704 196,00 K
    dvdmo.dll Sat 23 Jul 2005 16:00:36 ..S.R 417.792 408,00 K
    gsi32.dll Fri 29 Jul 2005 19:38:56 ..S.R 417.792 408,00 K
    hketcfg.dll Tue 26 Jul 2005 16:41:22 ..S.R 417.792 408,00 K
    hrink.dll Mon 1 Aug 2005 22:25:02 ..S.R 417.792 408,00 K
    iuengine.dll Thu 26 May 2005 4:16:24 A.... 198.424 193,77 K
    iysso.dll Sun 31 Jul 2005 12:15:38 ..S.R 417.792 408,00 K
    kddsp.dll Tue 2 Aug 2005 15:21:42 ..S.R 417.792 408,00 K
    kmdsl.dll Thu 4 Aug 2005 12:28:26 ..S.R 417.792 408,00 K
    kndkor.dll Sat 30 Jul 2005 12:35:24 ..S.R 417.792 408,00 K
    lbcmgr10.dll Fri 22 Jul 2005 4:41:06 ..S.R 417.792 408,00 K
    lscalspl.dll Fri 22 Jul 2005 4:41:16 ..S.R 417.792 408,00 K
    mcr2cenu.dll Mon 1 Aug 2005 22:33:00 ..S.R 417.792 408,00 K
    mcxbde40.dll Mon 25 Jul 2005 17:25:14 ..S.R 417.792 408,00 K
    mfexch40.dll Mon 1 Aug 2005 10:59:00 ..S.R 417.792 408,00 K
    mhwstr10.dll Tue 26 Jul 2005 13:32:00 ..S.R 417.792 408,00 K
    mixml.dll Fri 22 Jul 2005 15:15:50 ..S.R 417.792 408,00 K
    mjcndmgr.dll Fri 22 Jul 2005 4:47:36 ..S.R 417.792 408,00 K
    mmaatext.dll Fri 22 Jul 2005 5:00:00 ..S.R 417.792 408,00 K
    mnc42.dll Fri 22 Jul 2005 0:42:06 ..S.R 417.792 408,00 K
    mpperf.dll Fri 22 Jul 2005 4:53:50 ..S.R 417.792 408,00 K
    mpvbvm60.dll Tue 26 Jul 2005 19:30:36 ..S.R 417.792 408,00 K
    mrhtml.dll Mon 1 Aug 2005 0:44:42 ..S.R 417.792 408,00 K
    mucndmgr.dll Fri 22 Jul 2005 0:42:14 ..S.R 417.792 408,00 K
    mwfutil.dll Sat 6 Aug 2005 11:39:40 ..S.R 417.792 408,00 K
    ovbccp32.dll Tue 26 Jul 2005 18:12:46 ..S.R 417.792 408,00 K
    ozeacc.dll Sun 31 Jul 2005 16:54:08 ..S.R 417.792 408,00 K
    pncrt.dll Sun 12 Jun 2005 20:50:20 A.... 278.528 272,00 K
    pndx5016.dll Sun 12 Jun 2005 20:50:24 A.... 6.656 6,50 K
    pndx5032.dll Sun 12 Jun 2005 20:50:24 A.... 5.632 5,50 K
    pvfmgr.dll Sat 30 Jul 2005 12:19:06 ..S.R 417.792 408,00 K
    qpdwipes.dll Fri 22 Jul 2005 3:31:06 ..S.R 417.792 408,00 K
    rcvpsp.dll Tue 26 Jul 2005 20:54:38 ..S.R 417.792 408,00 K
    rjssapi.dll Fri 22 Jul 2005 2:07:10 ..S.R 417.792 408,00 K
    rmoc3260.dll Sun 12 Jun 2005 20:50:42 A.... 176.167 172,04 K
    rusauto.dll Fri 22 Jul 2005 3:31:12 ..S.R 417.792 408,00 K
    s32evnt1.dll Fri 13 May 2005 19:50:10 A.... 91.856 89,70 K
    sdfrdm.dll Fri 22 Jul 2005 2:07:30 ..S.R 417.792 408,00 K
    whi.dll Fri 22 Jul 2005 15:24:02 ..S.R 417.792 408,00 K
    wknmp32.dll Fri 22 Jul 2005 16:47:24 ..S.R 417.792 408,00 K
    wksdmod.dll Sat 30 Jul 2005 6:03:58 ..S.R 417.792 408,00 K
    wqhnetbs.dll Sun 31 Jul 2005 13:32:20 ..S.R 417.792 408,00 K
    wsdmps.dll Fri 22 Jul 2005 5:50:08 ..S.R 417.792 408,00 K
    wuapi.dll Thu 26 May 2005 4:16:34 A.... 466.200 455,27 K
    wuaueng.dll Thu 26 May 2005 4:16:30 A.... 1.343.768 1,28 M
    wuaueng1.dll Thu 26 May 2005 4:16:34 A.... 194.840 190,27 K
    wucltui.dll Thu 26 May 2005 4:16:34 A.... 128.280 125,27 K
    wups.dll Thu 26 May 2005 4:16:30 A.... 41.240 40,27 K
    wups2.dll Thu 26 May 2005 4:16:30 A.... 18.200 17,77 K
    wuweb.dll Thu 26 May 2005 4:19:32 A.... 173.536 169,47 K

    54 items found: 54 files (37 H/S), 0 directories.
    Total of file sizes: 19.968.407 bytes 19,04 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Fri 22 Jul 2005 16:45:38 ..S.R 417.792 408,00 K

    1 item found: 1 file (1 H/S), 0 directories.
    Total of file sizes: 417.792 bytes 408,00 K
    **********************************************************************************
    Directory Listing of system files:
    Het volume in station C heeft geen naam.
    Het volumenummer is 68A2-EE56

    Map van C:\WINDOWS\System32

    08-08-2005 11:57 417.792 dNdxof.dll
    06-08-2005 14:43 <DIR> dllcache
    06-08-2005 11:39 417.792 mwfutil.dll
    04-08-2005 12:28 417.792 kmdsl.dll
    02-08-2005 15:21 417.792 kddsp.dll
    01-08-2005 22:32 417.792 mcr2cenu.dll
    01-08-2005 22:25 417.792 hrink.dll
    01-08-2005 10:58 417.792 mfexch40.dll
    01-08-2005 00:44 417.792 mrhtml.dll
    31-07-2005 16:54 417.792 ozeacc.dll
    31-07-2005 13:32 417.792 wqhnetbs.dll
    31-07-2005 12:15 417.792 iysso.dll
    30-07-2005 12:35 417.792 kndkor.dll
    30-07-2005 12:19 417.792 pvfmgr.dll
    30-07-2005 06:03 417.792 wksdmod.dll
    29-07-2005 19:38 417.792 gsi32.dll
    26-07-2005 20:54 417.792 rcvpsp.dll
    26-07-2005 19:30 417.792 mpvbvm60.dll
    26-07-2005 18:12 417.792 ovbccp32.dll
    26-07-2005 16:41 417.792 hketcfg.dll
    26-07-2005 13:31 417.792 mhwstr10.dll
    25-07-2005 17:25 417.792 mcxbde40.dll
    23-07-2005 16:00 417.792 dvdmo.dll
    22-07-2005 16:47 417.792 wknmp32.dll
    22-07-2005 16:45 417.792 guard.tmp
    22-07-2005 15:24 417.792 whi.dll
    22-07-2005 15:15 417.792 mixml.dll
    22-07-2005 05:50 417.792 WSDMPS.dll
    22-07-2005 04:59 417.792 mmaatext.dll
    22-07-2005 04:53 417.792 mpperf.dll
    22-07-2005 04:47 417.792 mjcndmgr.dll
    22-07-2005 04:41 417.792 lscalspl.dll
    22-07-2005 04:41 417.792 lbcmgr10.dll
    22-07-2005 03:31 417.792 rUsauto.dll
    22-07-2005 03:31 417.792 qpdwipes.dll
    22-07-2005 02:07 417.792 sDfrdm.dll
    22-07-2005 02:07 417.792 rJssapi.dll
    22-07-2005 00:42 417.792 mucndmgr.dll
    22-07-2005 00:42 417.792 mnc42.dll
    03-06-2005 11:03 <DIR> Microsoft
    29-05-2005 14:29 56 6AA0E2DB1C.sys
    39 bestand(en) 15.876.152 bytes
    2 map(pen) 5.702.045.696 bytes beschikbaar
  • Close all open programs.
    Double-click l2mfix.bat.
    Type "4" to select option 4: "Merge Winlogon Notify Defaults".
    Press Enter.
    Type "2" to select option 2: Run Fix.
    Press Enter.
    Press any key to restart the computer when prompted.
    After the reboot the icons appear on your desktop. They will disappear again (that is normal).
    L2mfix will scan your computer.
    When it is finished, a new Notepad file opens.
    Copy the contents of that log together with a new HijackThis log.
  • L2Mfix 1.03a

    Running From:
    C:\Documents and Settings\toine\Bureaublad\l2mfix



    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read INGEBOUWD\Gebruikers
    (ID-IO) ALLOW Read INGEBOUWD\Gebruikers
    (ID-NI) ALLOW Read INGEBOUWD\Hoofdgebruikers
    (ID-IO) ALLOW Read INGEBOUWD\Hoofdgebruikers
    (ID-NI) ALLOW Full access INGEBOUWD\Administrators
    (ID-IO) ALLOW Full access INGEBOUWD\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access MAKER EIGENAAR



    Setting registry permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Denying C(CI) access for predefined group "Administrators"
    - adding new ACCESS DENY entry


    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY –C——- INGEBOUWD\Administrators
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read INGEBOUWD\Gebruikers
    (ID-IO) ALLOW Read INGEBOUWD\Gebruikers
    (ID-NI) ALLOW Read INGEBOUWD\Hoofdgebruikers
    (ID-IO) ALLOW Read INGEBOUWD\Hoofdgebruikers
    (ID-NI) ALLOW Full access INGEBOUWD\Administrators
    (ID-IO) ALLOW Full access INGEBOUWD\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access MAKER EIGENAAR



    Setting up for Reboot


    Starting Reboot!

    C:\Documents and Settings\toine\Bureaublad\l2mfix
    System Rebooted!

    Running From:
    C:\Documents and Settings\toine\Bureaublad\l2mfix

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1632 'explorer.exe'
    Killing PID 1632 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1764 'rundll32.exe'

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    Backing Up: C:\WINDOWS\system32\itwphbk.dll
    1 bestand(en) gekopieerd.
    Backing Up: C:\WINDOWS\system32\itwphbk.dll
    1 bestand(en) gekopieerd.
    Backing Up: C:\WINDOWS\system32\kddsp.dll
    1 bestand(en) gekopieerd.
    Backing Up: C:\WINDOWS\system32\kddsp.dll
    1 bestand(en) gekopieerd.
    Backing Up: C:\WINDOWS\system32\wlcsvc.dll
    1 bestand(en) gekopieerd.
    Backing Up: C:\WINDOWS\system32\wlcsvc.dll
    1 bestand(en) gekopieerd.
    Backing Up: C:\WINDOWS\system32\guard.tmp
    1 bestand(en) gekopieerd.
    Backing Up: C:\WINDOWS\system32\guard.tmp
    1 bestand(en) gekopieerd.
    deleting: C:\WINDOWS\system32\itwphbk.dll
    Successfully Deleted: C:\WINDOWS\system32\itwphbk.dll
    deleting: C:\WINDOWS\system32\itwphbk.dll
    Successfully Deleted: C:\WINDOWS\system32\itwphbk.dll
    deleting: C:\WINDOWS\system32\kddsp.dll
    Successfully Deleted: C:\WINDOWS\system32\kddsp.dll
    deleting: C:\WINDOWS\system32\kddsp.dll
    Successfully Deleted: C:\WINDOWS\system32\kddsp.dll
    deleting: C:\WINDOWS\system32\wlcsvc.dll
    Successfully Deleted: C:\WINDOWS\system32\wlcsvc.dll
    deleting: C:\WINDOWS\system32\wlcsvc.dll
    Successfully Deleted: C:\WINDOWS\system32\wlcsvc.dll
    deleting: C:\WINDOWS\system32\guard.tmp
    Successfully Deleted: C:\WINDOWS\system32\guard.tmp
    deleting: C:\WINDOWS\system32\guard.tmp
    Successfully Deleted: C:\WINDOWS\system32\guard.tmp


    Zipping up files for submission:
    adding: itwphbk.dll (164 bytes security) (deflated 48%)
    adding: kddsp.dll (164 bytes security) (deflated 48%)
    adding: wlcsvc.dll (164 bytes security) (deflated 48%)
    adding: guard.tmp (164 bytes security) (deflated 48%)
    adding: clear.reg (164 bytes security) (deflated 70%)
    adding: echo.reg (164 bytes security) (deflated 10%)
    adding: direct.txt (164 bytes security) (stored 0%)
    adding: lo2.txt (164 bytes security) (deflated 79%)
    adding: readme.txt (164 bytes security) (deflated 49%)
    adding: report.txt (164 bytes security) (deflated 73%)
    adding: test.txt (164 bytes security) (deflated 78%)
    adding: test2.txt (164 bytes security) (deflated 49%)
    adding: test3.txt (164 bytes security) (deflated 49%)
    adding: test5.txt (164 bytes security) (deflated 49%)
    adding: xfind.txt (164 bytes security) (deflated 75%)
    adding: backregs/01FA5212-4C65-48C4-983B-451A39202308.reg (164 bytes security) (deflated 70%)
    adding: backregs/0516FD5F-181C-4E53-A0FE-440B2C327263.reg (164 bytes security) (deflated 70%)
    adding: backregs/12A29929-A523-45F9-A9B6-F5A50294EFC4.reg (164 bytes security) (deflated 70%)
    adding: backregs/1CC2DB1F-1DB5-4ED3-8F1F-866E3E111F1A.reg (164 bytes security) (deflated 70%)
    adding: backregs/24E8D73B-5471-42B3-8699-279C4DBB3271.reg (164 bytes security) (deflated 70%)
    adding: backregs/2C02D797-01A2-4CA3-9675-9EA096D96A0B.reg (164 bytes security) (deflated 70%)
    adding: backregs/37FF2666-9E60-4F7E-B9E9-E53C832B2357.reg (164 bytes security) (deflated 70%)
    adding: backregs/599A19AA-7AB1-467B-9817-12DB2B79B9CA.reg (164 bytes security) (deflated 70%)
    adding: backregs/5EC42BFA-0D8F-4C15-8E6B-7A9DE0F16F8A.reg (164 bytes security) (deflated 70%)
    adding: backregs/603C7714-AF6E-458A-9EFB-1ABB5C4992A3.reg (164 bytes security) (deflated 70%)
    adding: backregs/73D728CF-C505-4FCA-8D3B-768848A7A6F5.reg (164 bytes security) (deflated 70%)
    adding: backregs/792438CD-BE08-4D1C-BDEA-7AD3D0F6261E.reg (164 bytes security) (deflated 70%)
    adding: backregs/8DF8B77B-C784-49F1-8D43-97E8195BC8CF.reg (164 bytes security) (deflated 69%)
    adding: backregs/95B4C1AD-4C77-4C67-AD6B-62A088DCA098.reg (164 bytes security) (deflated 70%)
    adding: backregs/B1E4D4BA-CE25-4CA2-95C4-2EE5E5870FC5.reg (164 bytes security) (deflated 70%)
    adding: backregs/B2366BE9-FF93-4106-BB82-EC2BA859C54C.reg (164 bytes security) (deflated 70%)
    adding: backregs/B304866A-2884-49B7-B8F0-8B6717D19ABD.reg (164 bytes security) (deflated 70%)
    adding: backregs/CA2E22F0-FF5A-4425-9A08-5A558DA98FAD.reg (164 bytes security) (deflated 70%)
    adding: backregs/CCE43A94-9081-4DAA-80C4-4093F96F963C.reg (164 bytes security) (deflated 70%)
    adding: backregs/D74CDBFD-DAAC-46CC-BE11-1D13717B58E8.reg (164 bytes security) (deflated 70%)
    adding: backregs/EC18AEAC-A502-49DA-808B-1DA7CA957724.reg (164 bytes security) (deflated 69%)
    adding: backregs/EF1A5C55-7967-499B-AA88-2B65558D474D.reg (164 bytes security) (deflated 70%)
    adding: backregs/F03A4DDF-5BB2-4FE8-B097-3B766F2B96A0.reg (164 bytes security) (deflated 70%)
    adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
    adding: backregs/shell.reg (164 bytes security) (deflated 72%)

    Restoring Registry Permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Revoking access for predefined group "Administrators"
    Inherited ACE can not be revoked here!
    Inherited ACE can not be revoked here!


    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read INGEBOUWD\Gebruikers
    (ID-IO) ALLOW Read INGEBOUWD\Gebruikers
    (ID-NI) ALLOW Read INGEBOUWD\Hoofdgebruikers
    (ID-IO) ALLOW Read INGEBOUWD\Hoofdgebruikers
    (ID-NI) ALLOW Full access INGEBOUWD\Administrators
    (ID-IO) ALLOW Full access INGEBOUWD\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access MAKER EIGENAAR


    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... successful

    deleting local copy: itwphbk.dll
    deleting local copy: itwphbk.dll
    deleting local copy: kddsp.dll
    deleting local copy: kddsp.dll
    deleting local copy: wlcsvc.dll
    deleting local copy: wlcsvc.dll
    deleting local copy: guard.tmp
    deleting local copy: guard.tmp

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000


    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\itwphbk.dll
    C:\WINDOWS\system32\itwphbk.dll
    C:\WINDOWS\system32\kddsp.dll
    C:\WINDOWS\system32\kddsp.dll
    C:\WINDOWS\system32\wlcsvc.dll
    C:\WINDOWS\system32\wlcsvc.dll
    C:\WINDOWS\system32\guard.tmp
    C:\WINDOWS\system32\guard.tmp

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{01FA5212-4C65-48C4-983B-451A39202308}"=-
    "{24E8D73B-5471-42B3-8699-279C4DBB3271}"=-
    "{EF1A5C55-7967-499B-AA88-2B65558D474D}"=-
    "{599A19AA-7AB1-467B-9817-12DB2B79B9CA}"=-
    "{5EC42BFA-0D8F-4C15-8E6B-7A9DE0F16F8A}"=-
    "{2C02D797-01A2-4CA3-9675-9EA096D96A0B}"=-
    "{B304866A-2884-49B7-B8F0-8B6717D19ABD}"=-
    "{12A29929-A523-45F9-A9B6-F5A50294EFC4}"=-
    "{95B4C1AD-4C77-4C67-AD6B-62A088DCA098}"=-
    "{37FF2666-9E60-4F7E-B9E9-E53C832B2357}"=-
    "{0516FD5F-181C-4E53-A0FE-440B2C327263}"=-
    "{8DF8B77B-C784-49F1-8D43-97E8195BC8CF}"=-
    "{CA2E22F0-FF5A-4425-9A08-5A558DA98FAD}"=-
    "{603C7714-AF6E-458A-9EFB-1ABB5C4992A3}"=-
    "{EC18AEAC-A502-49DA-808B-1DA7CA957724}"=-
    "{D74CDBFD-DAAC-46CC-BE11-1D13717B58E8}"=-
    "{B2366BE9-FF93-4106-BB82-EC2BA859C54C}"=-
    "{1CC2DB1F-1DB5-4ED3-8F1F-866E3E111F1A}"=-
    "{792438CD-BE08-4D1C-BDEA-7AD3D0F6261E}"=-
    "{F03A4DDF-5BB2-4FE8-B097-3B766F2B96A0}"=-
    "{73D728CF-C505-4FCA-8D3B-768848A7A6F5}"=-
    "{CCE43A94-9081-4DAA-80C4-4093F96F963C}"=-
    "{B1E4D4BA-CE25-4CA2-95C4-2EE5E5870FC5}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{01FA5212-4C65-48C4-983B-451A39202308}]
    [-HKEY_CLASSES_ROOT\CLSID\{24E8D73B-5471-42B3-8699-279C4DBB3271}]
    [-HKEY_CLASSES_ROOT\CLSID\{EF1A5C55-7967-499B-AA88-2B65558D474D}]
    [-HKEY_CLASSES_ROOT\CLSID\{599A19AA-7AB1-467B-9817-12DB2B79B9CA}]
    [-HKEY_CLASSES_ROOT\CLSID\{5EC42BFA-0D8F-4C15-8E6B-7A9DE0F16F8A}]
    [-HKEY_CLASSES_ROOT\CLSID\{2C02D797-01A2-4CA3-9675-9EA096D96A0B}]
    [-HKEY_CLASSES_ROOT\CLSID\{B304866A-2884-49B7-B8F0-8B6717D19ABD}]
    [-HKEY_CLASSES_ROOT\CLSID\{12A29929-A523-45F9-A9B6-F5A50294EFC4}]
    [-HKEY_CLASSES_ROOT\CLSID\{95B4C1AD-4C77-4C67-AD6B-62A088DCA098}]
    [-HKEY_CLASSES_ROOT\CLSID\{37FF2666-9E60-4F7E-B9E9-E53C832B2357}]
    [-HKEY_CLASSES_ROOT\CLSID\{0516FD5F-181C-4E53-A0FE-440B2C327263}]
    [-HKEY_CLASSES_ROOT\CLSID\{8DF8B77B-C784-49F1-8D43-97E8195BC8CF}]
    [-HKEY_CLASSES_ROOT\CLSID\{CA2E22F0-FF5A-4425-9A08-5A558DA98FAD}]
    [-HKEY_CLASSES_ROOT\CLSID\{603C7714-AF6E-458A-9EFB-1ABB5C4992A3}]
    [-HKEY_CLASSES_ROOT\CLSID\{EC18AEAC-A502-49DA-808B-1DA7CA957724}]
    [-HKEY_CLASSES_ROOT\CLSID\{D74CDBFD-DAAC-46CC-BE11-1D13717B58E8}]
    [-HKEY_CLASSES_ROOT\CLSID\{B2366BE9-FF93-4106-BB82-EC2BA859C54C}]
    [-HKEY_CLASSES_ROOT\CLSID\{1CC2DB1F-1DB5-4ED3-8F1F-866E3E111F1A}]
    [-HKEY_CLASSES_ROOT\CLSID\{792438CD-BE08-4D1C-BDEA-7AD3D0F6261E}]
    [-HKEY_CLASSES_ROOT\CLSID\{F03A4DDF-5BB2-4FE8-B097-3B766F2B96A0}]
    [-HKEY_CLASSES_ROOT\CLSID\{73D728CF-C505-4FCA-8D3B-768848A7A6F5}]
    [-HKEY_CLASSES_ROOT\CLSID\{CCE43A94-9081-4DAA-80C4-4093F96F963C}]
    [-HKEY_CLASSES_ROOT\CLSID\{B1E4D4BA-CE25-4CA2-95C4-2EE5E5870FC5}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    ****************************************************************************
    
  • Logfile of HijackThis v1.99.1
    Scan saved at 11:02:28, on 9-8-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\wwSecure.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\toine\Bureaublad\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libradio.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123331636066
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe



  • The tool did its job well and the latest log is completely in order.

    Sjaak
  • Many thanks. It worked.
    Thanks

This is an archived page. Replying is no longer possible.