Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

cuacaorn.exe

smeenk
28 antwoorden
  • Wij hebben op onze pc last van spyware, genaamd cuacaorn.exe. Spysweeper detecteert dit wel maar het kan niet verwijderd worden omdat het actief is. Met hijackthis verwijderen lukt ook niet. Opstarten in de veilige modus en dan proberen alles te verwijderen lukt ook niet. Zelfs het opstarten in DOS en dan op de "oude" manier del *.* (bij inhoud van de betreffende map) lukt ook niet.
    Kan iemand me helpen? Ik word er helemaal gek van! :evil:
    Hierbij onze log.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:41:44, on 24/08/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\2003
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    G:\gedownloade bestanden\Downloads Max\winrar\WinRAR.exe
    C:\DOCUME~1\BRAAMB~1\LOCALS~1\Temp\Rar$EX00.467\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMeshBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet
    ewdotnet6_38.dll
    O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing)
    O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [aUVHVsox] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O4 - HKLM\..\Run: [bEVJTg1x] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O4 - HKLM\..\Run: [YYpHX1Ex] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O4 - HKLM\..\Run: [dE0HYgow] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Winipcfg - {A4E2ACEF-DB4E-4B3D-B89E-CD3BE33BDAB4} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {8E149656-495B-11D7-9A65-00500454A644} - http://www.trademanager.org/webinstall/actual/installtm.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
    O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll
    O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\2003
    avapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Alvast bedankt voor de aandacht!
    Anneke




  • je hebt last van deze

    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net

    maar laat eerst de expers er beter naar kijken
  • Ga naar Configuratiescherm - Software - Programma?s wijzigen en verwijderen : deïnstalleer New.net Application en NewDotNet (Domains)
    Staan deze er niet tussen, dan kijk je in de dan map c:\Progam Files\NewDotNet. Zoek een in die map naar een bestand uninstallX_XX.exe. De waarde van X (een cijfer) hangt af van de versie van New.net die geïnstalleerd is op de computer.
    Vind je de uninstaller ook niet in de map c:\Progam Files\NewDotNet, dan kijk je in de map C:\Windows naar een bestand NDNuninstallX_XX.exe. (zelfde verhaal voor de X.)
    Is deze ook niet aanwezig dan kan je deze uninstaller downloaden: http://www.new.net/support/uninstall6_38.exe

    Plaats het bestand HijackThis.exe ook in een eigen map, bijvoorbeeld C:\HijackThis Dit in verband met de backups die HijackThis maakt en die gaan gemakkelijk verloren als je het programma vanuit de temp runt.

    Herstart na het uitvoeren van de eerste tips je computer en plaats een nieuw log van HijackThis.

    Scan het bestand [b:717200fee3]C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe[/b:717200fee3] ook eens met http://virusscan.jotti.org en meldt het resultaat van de scans in je volgende bericht (copy/paste)

    Groeten smeenk :wink:
  • Beste mensen,

    Ik heb New.net er af gekregen! Alleen is het cuacaorn.exe nog aanwezig op de pc! Hieronder de nieuwe log:
    Logfile of HijackThis v1.98.0
    Scan saved at 13:05:34, on 24/08/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\2003
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMeshBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing)
    O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Winipcfg - {A4E2ACEF-DB4E-4B3D-B89E-CD3BE33BDAB4} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {8E149656-495B-11D7-9A65-00500454A644} - http://www.trademanager.org/webinstall/actual/installtm.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
    O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll

    Ook heb ik het bestand laten scannen op virusscan.jotti.org, hierbij de resultaten:

    File: cUACAoRN.exe
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 27672d34a8bcfb293d85194b726d1cba
    Packers detected: -
    Scanner results
    AntiVir Found TR/Spy.Hailport.2
    ArcaVir Found Adware.Commonname.G
    Avast Found Win32:Adware-gen.
    AVG Antivirus Found nothing
    BitDefender Found Trojan.Commonname.B
    ClamAV Found Adware.Comna-2
    Dr.Web Found not a virus Adware.CommonName
    F-Prot Antivirus Found nothing
    Fortinet Found Adware/Commonname.I
    Kaspersky Anti-Virus Found Trojan.Win32.CommonName.b
    NOD32 Found Win32/Adware.CommonName application
    Norman Virus Control Found W32/CommonName.I
    UNA Found nothing
    VBA32 Found AdWare.CommonName.i

    Enig idee wat ik nu nog kan doen? Alvast bedankt!
    Groetjes,
    Anneke :o

  • Ga naar Configuratiescherm – Software en deïnstalleer het volgende programma:
    [b:25d3e55755]Imesh[/b:25d3e55755]
    Imesh zit bomvol spyware en het blijven gebruiken van dit programma zou wel eens de oorzaak kunnen zijn van het steeds opnieuw terugkomen van de spyware.

    Download en installeer CCleaner.
    Gebruik het programma nog niet.

    Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden. Hoe verborgen bestanden en mappen weergeven..

    Start de computer in veilige modus.

    run HijackThis nog een keer, kies voor "Do a system csan only" en plaats een vinkje bij de volgende items:
    [b:25d3e55755]O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMeshBHO.dll
    O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O9 - Extra button: Winipcfg - {A4E2ACEF-DB4E-4B3D-B89E-CD3BE33BDAB4} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU)
    O16 - DPF: {8E149656-495B-11D7-9A65-00500454A644} - http://www.trademanager.org/webinstall/actual/installtm.cab
    O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll[/b:25d3e55755]
    Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

    Zoek met je verkenner de volgende mappen en bestanden eens op en verwijder deze(indien nog aanwezig)
    C:\Program Files\[b:25d3e55755]qpsxvpqp[/b:25d3e55755]
    C:\Program Files\[b:25d3e55755]iMeshBar[/b:25d3e55755]
    C:\WINDOWS\system32\[b:25d3e55755]phpAPP20.dll[/b:25d3e55755]
    C:\Program Files\[b:25d3e55755]iMeshBHO.dll[/b:25d3e55755]

    [b:25d3e55755]Het gebruik van Ccleaner:[/b:25d3e55755]
    Ccleaner verwijderd ook cookies. Cookies zijn meestal gewoon nutteloos,
    soms zelfs kwaadaardig, maar er zijn er ook enkele die nodig zijn voor het inloggen op bepaalde websites.

    Ccleaner biedt je de mogelijkheid om in te stellen welke cookies je behouden wilt.
    Kijk hiervoor bij "Opties"en dan Cookies, selecteer de cookies die je behouden wilt en plaats die in de "Te behouden cookies" ruimte.
    Klik daarna op de knop "Opschonen".

    Herstel daarna je webinstellingen: Ga naar Configuratiescherm –> Internetopties –> tabblad Programma's.
    Klik op de "Webinstellingen herstellen".

    Start de PC in normale modus. Start HijackThis opnieuw, maak een nieuwe log en post deze.

    vr.gr.smeenk :wink:
  • Bedankt voor je uitgebreide handleiding! Ik heb alles gedaan wat je hebt opgeschreven alleen kan ik (ook niet in de veilige modus) het mapje en bestandje cuacaorn.exe niet verwijderen! Imesh is inmiddels volledig verwijderd.

    Hierbij de nieuwe log:

    Logfile of HijackThis v1.98.0
    Scan saved at 14:46:31, on 24/08/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\htpatch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\2003
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [dkVHXoEw] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
    O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll

    Ik hoop dat je nog iets ziet wat ik kan doen. Alvast heel erg bedankt!
    Groetjes,
    Anneke

  • Probeer het eens met killbox.
    http://www.bleepingcomputer.com/files/killbox.php
  • Helaas, ook met killbox is het niet te verwijderen, ook niet in de veilige modus :(
  • Je gebruikt nu ineens een oudere versie van HijackThis, vervang deze eens met de nieuwste versie en plaats dan een nieuw log van HijackThis.

    Download Pocket KillBox.
    Unzip het programma naar je bureaublad.
    Klik op killbox.exe.
    Selecteer de optie “Delete on reboot”.
    In het veld “Full path of file to delete" Kopieer en plak je het volgende:
    [code:1:0af53c333e]C:\Program Files\qpsxvpqp\cUACAoRN.exe
    C:\Program Files\qpsxvpqp\NRoACAUc.exe [/code:1:0af53c333e]
    Klik op de knop met de rode cirkel en het witte kruis.
    Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. Klik op de knop "YES".
    Als deze niet wil rebooten herstart dan zelf je computer.

    Je gebruikt nu ineens een oudere versie van HijackThis, vervang deze eens met de nieuwste versie en plaats dan een nieuw log van HijackThis.

    Groeten smeenk
  • Ja lekker dom he? Hierbij alsnog de juiste log:
    Logfile of HijackThis v1.99.1
    Scan saved at 18:16:50, on 24/08/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\2003
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    E:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
    O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll (file missing)
    O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\2003
    avapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



  • Je zou ook eens naar de rechten van het bestand kunnen kijken. Een enkele keer worden die ook wel naar readonly oid. veranderd. Gebeurt ook wel eens met services, en rechten in de registry. Dan de rechten zo ruim mogelijk instellen, proces afbreken in taakbeheer (of met APM), en vervolgens verwijderen, al dan niet met killbox.

    http://www.diamondcs.com.au/index.php?page=apm
  • Gerben heeft gelijk, daarbij wil ik dus aanvullen dat het hier dus om 2 processen gaat die je beide moet beeindigen alvorens deze te verwijderen.
    [quote:1f611d7b2a]C:\Program Files\qpsxvpqp\cUACAoRN.exe
    C:\Program Files\qpsxvpqp\NRoACAUc.exe[/quote:1f611d7b2a]
    Groeten smeenk
  • Probeer het volgende ook eens: Configuratiescherm -> Software -> Kijk of het volgende er staat, selecteer deze en kies voor verwijderen.
    [b:d4e364cc1a]CommonName[/b:d4e364cc1a]

    Groeten smeenk :wink:
  • Beste Gerben en Smeenk,
    Ik heb alles gedaan wat jullie hebben opgeschreven maar ik krijg die processen niet beeindigd! Ook niet met het programma APM. Hij beeindigd de 2 toepassingen wel maar daarna zie je dat de toepassingen meteen weer opstarten! Ik ben bang dat ik er nooit meer vanaf kom. Hebben jullie nog een tip??
  • Deze al geprobeerd:
    Probeer het volgende ook eens: Configuratiescherm -> Software -> Kijk of het volgende er staat, selecteer deze en kies voor verwijderen.
    [b:d1469eb96e]CommonName[/b:d1469eb96e]

    Groeten smeenk :wink:
  • Kun je de bestanden ook hernoemen? Als ie ze dan weer opnieuw probeert op te starten, zal dat niet lukken, omdat ie ze niet kan vinden.
  • Mocht dit ook niet werken.

    Ik heb zelf het idee, dat deze bestanden iedere keer terug worden geplaatst.
    We kunnen best eerst even kijken waar ze naar verwijzen in het register.
    Download de Registry Search Tool hier. Unzip en run het script. Krijg je een reactie van je antivirusprogramma dan moet je Script blocking uitschakelen in het anti-virusprogramma. In het Zoekveld geef je het volgende in:
    [b:3748737fe8]cUACAoRN.exe[/b:3748737fe8]
    Post het resultaat.

    Doe hetzelfde voor [b:3748737fe8]NRoACAUc.exe[/b:3748737fe8]

    Groeten smeenk :wink:
  • Beste Gerben en Smeenk,
    Ik heb geen CommonName gveonden in software. Ook heb ik geprobeerd de bestanden (ze staan inderdaad op read only) te wijzigen door het vinkje weg te halen. Dat lukt niet, ik krijg een foutmelding. Ook het wijzigen van de bestandsnamen lukt niet. Het is heel irritant!
    Ik heb het register laten doorzoeken op cUACAoRN.exe. Eerst vond het programma niks, daarna heb ik gezocht op cuacaorn. Toen vond hij 670 items! Ook heb ik gezocht op bYVHVAUx, want dat is waas Spysweeper naar verwijst, en dit heeft ook weer te maken met cuacaorn. Op NRoACAUc.exe is niets gevonden.

    Resultaten cUACAoRN:
    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "cUACAoRN" 25/08/2005 15:40:58

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GTgUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GTgUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GU11v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GU11v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aApGYs1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aApGYs1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVGYo1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVGYo1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVJQAow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVJQAow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFGV91w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFGV91w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFHQcUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFHQcUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGQsUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGQsUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGYo1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGYo1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXAUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXAUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXw1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXw1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agVHZ91v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agVHZ91v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\akFJTA1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\akFJTA1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0GY91w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0GY91w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0HWgUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0HWgUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aMFHQgUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aMFHQgUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aQFGZ9Ux]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aQFGZ9Ux]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aU0HT9Ex]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aU0HT9Ex]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUFJSwUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUFJSwUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpGTkow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpGTkow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpHWoEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpHWoEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GT11x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GT11x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GYs1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GYs1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFGSs1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFGSs1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFHWcow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFHWcow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awpGScow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awpGScow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYFHTgov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYFHTgov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYpGU51v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYpGU51v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVGSsox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVGSsox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVHZoUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVHZoUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFGV9Ex]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFGV9Ex]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFHX91v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFHX91v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApGVo1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApGVo1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApHUwUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApHUwUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bE0GV1Ux]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bE0GV1Ux]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEFJY9Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEFJY9Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEpGTw1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEpGTw1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEVJUsEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEVJUsEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIFJY5ow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIFJY5ow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGYgov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGYgov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGZcEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGZcEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bkFJSoEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bkFJSoEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bM0HTgow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bM0HTgow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMFGQgEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMFGQgEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpGZg1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpGZg1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpHQwEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpHQwEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMVGQoEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMVGQoEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQ0HYw1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQ0HYw1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpGZk1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpGZk1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpHV1ox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpHV1ox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVHRoov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVHRoov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJUw1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJUw1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJWkox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJWkox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJXgUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJXgUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bU0HS1Uw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bU0HS1Uw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUFGQAow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUFGQAow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUpHYAox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUpHYAox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUVGR11v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUVGR11v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bw0HZkox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bw0HZkox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bwFJXAEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bwFJXAEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bY0HVkUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bY0HVkUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYpHYsow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYpHYsow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYVHVAUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYVHVAUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cApHQgUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cApHQgUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHR11w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHR11w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHXc1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHXc1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHY1ow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHY1ow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEFGZcox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEFGZcox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGU91w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGU91w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGZwUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGZwUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cg0GVsox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cg0GVsox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgFJUo1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgFJUo1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgpGTgUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgpGTgUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIFJVAUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIFJVAUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIpGU1ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIpGU1ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIVJRw1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIVJRw1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cM0GQgox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cM0GQgox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cMVGTw1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cMVGTw1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQ0HZ5Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQ0HZ5Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQFJXwox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQFJXwox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJSAox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJSAox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJVkox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJVkox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cU0HYkox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cU0HYkox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cUVJVwov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cUVJVwov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFHR51w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFHR51w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFJQ51x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFJQ51x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dAFGRsUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dAFGRsUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dEVHQ51v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dEVHQ51v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgFHRcov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgFHRcov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgVHZg1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgVHZg1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dI0GWgEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dI0GWgEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFGVg1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFGVg1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFHY11v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFHY11v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVHW5Uw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVHW5Uw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVJSw1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVJSw1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dkpHU5Uw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dkpHU5Uw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dM0HX51w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dM0HX51w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dMFHUcEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dMFHUcEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGToUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGToUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGV5ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGV5ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUFGV1Ex]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUFGV1Ex]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUpGQwUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUpGQwUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwFHUw1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwFHUw1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwVJXwov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwVJXwov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dY0GZAUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dY0GZAUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dYFGXgUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dYFGXgUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eEVJR5Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eEVJR5Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGRoEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGRoEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU5ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU5ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU91x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU91x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGWo1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGWo1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egVGY1Ex]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egVGY1Ex]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eI0GW51v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eI0GW51v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ek0GWg1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ek0GWg1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekFGVsUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekFGVsUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekpGYoEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekpGYoEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GToUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GToUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GZo1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GZo1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0HV51x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0HV51x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUFJRgEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUFJRgEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUpHVkEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUpHVkEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GQcEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GQcEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GTAow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GTAow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GZo1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GZo1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYFGR91x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYFGR91x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYpGUAEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYpGUAEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGRo1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGRo1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGTsEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGTsEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVHV9ow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVHV9ow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVJYgEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVJYgEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GWsox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GWsox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GZwEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GZwEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fAFHQsov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fAFHQsov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fE0HVg1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fE0HVg1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fEFJT91w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fEFJT91w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgFGQ51w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgFGQ51w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgpHVAEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgpHVAEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fI0GRoEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fI0GRoEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fIFJTsox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fIFJTsox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkpHToEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkpHToEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkVGSkEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkVGSkEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWcEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWcEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWoEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWoEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GZoEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GZoEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQ0GSs1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQ0GSs1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQFHZsUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQFHZsUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQpGQwEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQpGQwEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUFHVwUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUFHVwUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUpGZ91w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUpGZ91w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwpHYo1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwpHYo1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwVGS51x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwVGS51x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYFHWsEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYFHWsEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYpGVoov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYpGVoov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVHT5Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVHT5Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVJYoEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVJYoEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QApGR5ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QApGR5ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QE0GY9ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QE0GY9ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEFHSsow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEFHSsow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEpGXkEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEpGXkEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qg0GQsow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qg0GQsow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QgpHU1Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QgpHU1Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QIpGRw1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QIpGRw1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qk0HY9Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qk0HY9Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkFGTw1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkFGTw1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkVGZ9ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkVGZ9ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GSgEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GSgEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GY9Ux]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GY9Ux]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0HXgov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0HXgov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMpGWgUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMpGWgUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMVHQgov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMVHQgov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QUpGZsox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QUpGZsox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qw0HX9Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qw0HX9Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QwFGVcEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QwFGVcEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYFJWsov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYFJWsov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVGSgEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVGSgEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVJScEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVJScEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAFGQo1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAFGQo1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVGXg1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVGXg1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVJTs1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVJTs1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RE0GXAEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RE0GXAEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REFGSk1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REFGSk1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFHYc1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFHYc1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFJS1ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFJS1ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgVGUk1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgVGUk1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RI0GUsox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RI0GUsox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFGR5Ex]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFGR5Ex]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFHSwUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFHSwUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJTAUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJTAUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJY9Uw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJY9Uw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMpGYcEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMpGYcEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVGUo1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVGUo1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVHT5ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVHT5ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GVcEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GVcEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GZsUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GZsUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQpGW1ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQpGW1ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQVGZ9Uw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQVGZ9Uw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RU0HW9Ex]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RU0HW9Ex]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUFJT51x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUFJT51x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUVGTcEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUVGTcEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RY0HT5Ex]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RY0HT5Ex]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RYFGTcox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RYFGTcox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HSsox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HSsox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HXs1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HXs1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YAVHWs1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YAVHWs1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YE0GTcUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YE0GTcUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YgVJUsEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YgVJUsEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YIVHWkow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YIVHWkow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yk0HXAUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yk0HXAUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVGXsUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVGXsUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHQkox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHQkox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHXkUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHXkUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMpHRcow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMpHRcow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVGVsUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVGVsUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVHV51w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVHV51w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGV11x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGV11x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGW1ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGW1ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQVHU5Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQVHU5Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0GRwEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0GRwEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HTk1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HTk1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HX1ow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HX1ow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HZ1ox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HZ1ox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUFHTAox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUFHTAox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGQgUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGQgUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGV5ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGV5ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUVGSA1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUVGSA1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YwFGW9ov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YwFGW9ov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0GZcov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0GZcov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0HYwox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0HYwox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYFJZAox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYFJZAox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYpGRgEx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYpGRgEx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZA0GSo1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZA0GSo1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZE0GX9Ux]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZE0GX9Ux]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEpHXA1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEpHXA1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEVHW1Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEVHW1Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zg0GSsUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zg0GSsUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFGWgox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFGWgox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFJWsov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFJWsov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgVJSoUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgVJSoUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZI0GRsEw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZI0GRsEw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIFJR9Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIFJR9Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVHSwov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVHSwov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVJU91x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVJU91x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zk0GXsUw]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zk0GXsUw]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVHQcov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVHQcov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVJYkox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVJYkox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZM0HVgox]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZM0HVgox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZMpGWcUx]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZMpGWcUx]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ1ow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ1ow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ5ow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ5ow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQVHQg1v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQVHQg1v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUpHZ91w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUpHZ91w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUVHT9ow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUVHT9ow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwFGTw1x]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwFGTw1x]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHS9Ew]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHS9Ew]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHV91v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHV91v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0GU91v]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0GU91v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0HYgov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0HYgov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHQsow]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHQsow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHXAov]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHXAov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYpGUg1w]
    "item"="cUACAoRN"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYpGUg1w]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "bYVHVAUx"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"="cUACAoRN"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFHS9ow]
    "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFHS9ow]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFJXwov]
    "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFJXwov]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEFHZ5Ux]
    "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEFHZ5Ux]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEVJYAox]
    "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEVJYAox]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_akVGT51v]
    "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_akVGT51v]
    "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"

    [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Soft
  • Hallo, Anneke
    Ik kom er nog niet uit, ik krijg op dit moment wel fantastische hulp op de achtergrond.
    Ik denk dat we nog meer informatie moeten hebben:
    Download Winpfind.zip en installeer het in op het bureaublad
    Start de computer op in VEILIGE mode. Open [b:c6a964dbd4]WinPFind[/b:c6a964dbd4] en dubbel-klik op [b:c6a964dbd4]WinPFind.exe[/b:c6a964dbd4]. Wanneer het progamma is gestart klik op de Start Scan button. Dit scannen kan even duren. Wanneer de scan klaar is wordt een log gemaakt.
    Herstart de computer in normale mode en post de inhoud van WinPFind.txt.


    Maak een startuplist met behulp van HijackThis
    Open Misc Tools en zet een vinkje bij de 2 items rechts van "Generate a startuplist log"
    daarna de startuplist log genereren en ook in een bericht posten.

    Het is inderdaad een taaie rakker :wink:

    Als het commonname is zou je hier wat aan kunnen hebben: http://is.asu.edu/instruction/myasu/tutorials/commonname.html

    Groeten smeenk
  • Hoi Smeenk,
    Geweldig dat jullie me zo helpen, echt té gek hoor!
    Ik heb heb alles gedaan alleen is het niet volledig gelukt. Ik kreeg een fotmelding tijdens het scannen bij WinPFind. De melding was : invalid data type for "flag". Vervolgens bleef de zandlopen lopen en heb ik het moeten afbreken. Er is wel een log (maar ik denk niet volledig):

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding…" you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder…

    Checking %ProgramFilesDir% folder…

    Checking %WinDir% folder…
    PECompact2 11/04/2005 20:39:38 14563177 C:\WINDOWS\LPT$VPN.556
    qoologic 11/04/2005 20:39:38 14563177 C:\WINDOWS\LPT$VPN.556
    SAHAgent 11/04/2005 20:39:38 14563177 C:\WINDOWS\LPT$VPN.556
    UPX! 11/04/2005 20:39:40 170053 C:\WINDOWS\tsc.exe
    PECompact2 11/04/2005 20:39:38 14563177 C:\WINDOWS\VPTNFILE.556
    qoologic 11/04/2005 20:39:38 14563177 C:\WINDOWS\VPTNFILE.556
    SAHAgent 11/04/2005 20:39:38 14563177 C:\WINDOWS\VPTNFILE.556
    UPX! 11/04/2005 20:39:40 1044560 C:\WINDOWS\vsapi32.dll
    aspack 11/04/2005 20:39:40 1044560 C:\WINDOWS\vsapi32.dll

    Checking %System% folder…
    UPX! 22/06/2003 14:40:40 71168 C:\WINDOWS\SYSTEM32\Agent.dll
    UPX! 31/05/2004 8:02:04 220672 C:\WINDOWS\SYSTEM32\B4FM.dll
    UPX! 14/05/2003 6:51:12 22016 C:\WINDOWS\SYSTEM32\ctbv2.dll
    PEC2 07/09/2001 14:00:00 41122 C:\WINDOWS\SYSTEM32\dfrg.msc
    UPX! 13/05/2003 6:34:54 131072 C:\WINDOWS\SYSTEM32\ezStubi.dll
    PTech 15/11/2003 13:41:52 H 2504815 C:\WINDOWS\SYSTEM32\kyf.dat
    PECompact2 05/08/2005 3:31:54 1455960 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 05/08/2005 3:31:54 1455960 C:\WINDOWS\SYSTEM32\MRT.exe
    UPX! 15/06/2003 9:08:04 97280 C:\WINDOWS\SYSTEM32\msbb1.dll
    UPX! 20/06/2003 17:49:06 30720 C:\WINDOWS\SYSTEM32
    etpals.dll
    UPX! 03/04/2003 18:26:10 88064 C:\WINDOWS\SYSTEM32\NLNP13.dll
    UPX! 14/08/2003 15:29:28 113664 C:\WINDOWS\SYSTEM32
    ostalgia.dll
    aspack 04/08/2004 10:03:00 729088 C:\WINDOWS\SYSTEM32
    tdll.dll
    Umonitor 04/08/2004 10:03:20 676864 C:\WINDOWS\SYSTEM32\rasdlg.dll
    UPX! 31/08/2003 11:26:38 71168 C:\WINDOWS\SYSTEM32\SHAgent.dll
    UPX! 18/08/2003 8:47:38 71168 C:\WINDOWS\SYSTEM32\SHAgentNew.dll
    winsync 07/09/2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
    UPX! 19/09/2003 8:59:32 226304 C:\WINDOWS\SYSTEM32\Xcite.dll

    Checking %System%\Drivers folder and sub-folders…
    PTech 04/08/2004 7:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days…
    26/08/2005 8:16:30 S 2048 C:\WINDOWS\bootstat.dat
    25/08/2005 12:27:34 HS 35840 C:\WINDOWS\Thumbs.db
    01/07/2005 14:56:16 H 0 C:\WINDOWS\inf\oem42.inf
    24/08/2005 14:35:32 HS 20480 C:\WINDOWS\system32\Thumbs.db
    26/08/2005 8:05:14 H 1007 C:\WINDOWS\system32\vsconfig.xml
    08/07/2005 16:23:14 S 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
    30/06/2005 9:06:28 S 11437 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
    19/07/2005 20:48:48 S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
    30/06/2005 13:42:14 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
    30/06/2005 14:21:06 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
    30/06/2005 8:46:12 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
    28/06/2005 19:12:50 S 11845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
    02/07/2005 10:18:12 S 9445 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
    26/08/2005 8:16:20 H 8192 C:\WINDOWS\system32\config\default.LOG
    26/08/2005 8:16:50 H 1024 C:\WINDOWS\system32\config\SAM.LOG
    26/08/2005 8:16:32 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
    26/08/2005 8:17:34 H 65536 C:\WINDOWS\system32\config\software.LOG
    26/08/2005 8:16:40 H 1458176 C:\WINDOWS\system32\config\system.LOG
    13/08/2005 23:20:34 H 1024 C:\WINDOWS\system32\config\systemprofile
    tuser.dat.LOG
    07/08/2005 13:50:14 S 7652 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
    07/08/2005 13:50:14 S 134 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
    31/07/2005 9:45:46 HS 6144 C:\WINDOWS\system32\iMesh_Cache\Thumbs.db
    20/07/2005 15:49:40 H 16826 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_QI021E.GID
    31/07/2005 9:45:46 HS 6144 C:\WINDOWS\system32\WinFox\Thumbs.db
    26/08/2005 8:14:26 H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files…
    Microsoft Corporation 04/08/2004 10:03:36 70656 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 04/08/2004 10:03:36 554496 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Creative Technology Ltd. 28/05/2001 14:47:00 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
    11/05/2001 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
    Microsoft Corporation 04/08/2004 10:03:36 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Creative Technology Ltd. 30/03/2001 3:00:00 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
    Microsoft Corporation 04/08/2004 10:03:36 137728 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 04/08/2004 10:03:36 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 04/08/2004 10:03:36 156672 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 04/08/2004 10:03:36 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 04/08/2004 10:03:36 132608 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 04/08/2004 10:03:36 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 04/08/2004 10:03:36 69632 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems 22/02/2004 23:44:42 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 07/09/2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
    AvantGo, Inc. 22/02/2003 0:58:26 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL
    Microsoft Corporation 04/08/2004 10:03:36 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
    02/03/1998 11:24:38 41984 C:\WINDOWS\SYSTEM32\mtrcfg.cpl
    Microsoft Corporation 07/09/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32
    cpa.cpl
    Microsoft Corporation 04/08/2004 10:03:36 25600 C:\WINDOWS\SYSTEM32
    etsetup.cpl
    Microsoft Corporation 04/08/2004 10:03:36 260608 C:\WINDOWS\SYSTEM32
    usrmgr.cpl
    NVIDIA Corporation 06/10/2003 15:16:00 73728 C:\WINDOWS\SYSTEM32
    vtuicpl.cpl
    Microsoft Corporation 04/08/2004 10:03:36 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Sun Microsystems 02/10/2002 13:01:34 45171 C:\WINDOWS\SYSTEM32\plugincpl131_06.cpl
    Microsoft Corporation 04/08/2004 10:03:36 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
    19/11/1999 14:54:12 155648 C:\WINDOWS\SYSTEM32\PPPoEService.cpl
    Apple Computer, Inc. 30/09/2004 16:24:08 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl
    Microsoft Corporation 04/08/2004 10:03:38 302592 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 07/09/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 04/08/2004 10:03:38 94720 C:\WINDOWS\SYSTEM32\timedate.cpl
    24/10/1998 14:01:00 R 53248 C:\WINDOWS\SYSTEM32\VSVART.cpl
    Microsoft Corporation 04/08/2004 10:03:38 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    WildTangent, Inc. 27/09/2002 14:47:26 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
    Microsoft Corporation 26/05/2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 04/08/2004 10:03:36 359936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    Microsoft Corporation 07/09/2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 07/09/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache
    cpa.cpl
    Microsoft Corporation 07/09/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 26/05/2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder…
    02/10/2002 9:56:20 HS 84 C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\desktop.ini

    Checking files in %ALLUSERSPROFILE%\Application Data folder…
    01/08/2002 16:30:00 HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini

    Checking files in %USERPROFILE%\Startup folder…

    Checking files in %USERPROFILE%\Application Data folder…
    17/04/2005 18:35:56 1210 C:\Documents and Settings\Braambosch\Mijn documenten\Application Data\AdobeDLM.log
    01/08/2002 16:30:00 HS 62 C:\Documents and Settings\Braambosch\Mijn documenten\Application Data\desktop.ini
    17/04/2005 18:35:56 0 C:\Documents and Settings\Braambosch\Mijn documenten\Application Data\dm.ini

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    Cable Wanadoo = IEAKCable Wanadoo
    ESB{724A5BE0-ACF6-46F3-A275-C1039B8DD43E} =
    SV1 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
    {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = E:\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\gedownloade bestanden\Downloads Max\winrar\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
    {797F3885-5429-11D4-8823-0050DA59922B} = E:\Ws-FTP Prof\wsftpsi.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
    {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
    {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\gedownloade bestanden\Downloads Max\winrar\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
    {797F3885-5429-11D4-8823-0050DA59922B} = E:\Ws-FTP Prof\wsftpsi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
    {73B24247-042E-4EF5-ADC2-42F62E6FD654} =
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\gedownloade bestanden\Downloads Max\winrar\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
    {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    AcroIEHlprObj Class = E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
    AcroIEToolbarHelper Class = E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
    CNavExtBho Class = C:\Program Files\Norton AntiVirus\2003\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
    Adobe PDF = E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip van de dag = %SystemRoot%\System32\shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    Real.com = C:\WINDOWS\System32\Shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
    ButtonText = Toevoegen aan Mobiele favorieten :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
    MenuText = Toevoegen aan Mobiele favorieten… : C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    ButtonText = Onderzoek :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    ButtonText = Real.com :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\System32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\System32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer-band = %SystemRoot%\System32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
    {1C78AB3F-A857-482E-80C0-3A1E5238A565} = :
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
    {E6AE90A4-1B01-47F0-AA78-E6B122E145E9} = :
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Toolbar : C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    HTpatch C:\WINDOWS\htpatch.exe
    UpdReg C:\WINDOWS\UpdReg.EXE
    MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    bYVHVAUx C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    Hierbij de log van Hijackthis:
    StartupList report, 26/08/2005, 9:00:14
    StartupList version: 1.52.2
    Started from : E:\Hijack\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\2003
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Hijack\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Bean\Programma's\Opstarten]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten]
    *No files*

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx


    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /s

    ————————————————–

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    ————————————————–

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

    ————————————————–

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    ————————————————–

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Register-editor'

    Registry check passed

    ————————————————–

    Enumerating Browser Helper Objects:

    (no name) - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
    NAV Helper - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    ————————————————–

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Mijn computer scannen.job
    Symantec NetDetect.job
    {39C56FD3-AF37-478D-B788-250E4099C5B5}_C3649579_Braambosch.job

    ————————————————–

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [CryptoRSA Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
    CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [CBSBiB.iPCRClickMap]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\klikkaart.ocx
    CODEBASE = http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

    [MSSecurityAdvisor Class]
    InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
    CODEBASE = http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1076452679607

    [Minesweeper Flags Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\System32\opuc.dll
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\System32\opuc.dll
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471

    [HouseCall Besturing]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    [AvxScanOnline Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX
    CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

    [Java Plug-in 1.4.2_04]
    InProcServer32 = C:\Program Files\Java\j2re1.4.2_04\bin
    pjpi142_04.dll
    CODEBASE = http://java.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

    [InstallShield International Setup Player]
    InProcServer32 = c:\windows\DOWNLO~1\isetup.dll
    CODEBASE = http://www.installengine.com/engine/isetup.cab

    [Installation Helper Object]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\instwact.dll
    CODEBASE = http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll

    [Anonymizer Anti-Spyware Scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebAAS.dll
    CODEBASE = http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.3905092593

    [IEAnimBehaviorFactory Class]
    InProcServer32 = C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL
    CODEBASE = http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab

    [GDIChk Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\GDIChk.dll
    CODEBASE = http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB

    [ING Bank Autorisatiescherm]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\AXDigiSign.dll
    CODEBASE = http://secure.ingbank.nl/download/DigiSign.cab

    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/msnmessengersetupdownloader.cab

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [Virtools WebPlayer Class]
    InProcServer32 = C:\Program Files\Virtools Web Player 2.5\WebPlayer.ocx
    CODEBASE = http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe

    [Java Plug-in 1.3.1_06]
    InProcServer32 = e:\Program Files\JavaSoft\JRE\1.3.1_06\bin
    pjava131_06.dll
    CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_06-win.cab

    [Java Plug-in 1.4.2_04]
    InProcServer32 = C:\Program Files\Java\j2re1.4.2_04\bin
    pjpi142_04.dll
    CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\macromed\flash\flash.ocx
    CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [PBGNX Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\PBGNX.ocx
    CODEBASE = https://www.p3.postbank.nl/GTO/PBGNX.cab

    [PopCapLoader Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
    CODEBASE = http://www.popcap.com/games/popcaploader_v6.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    [SwitchPointLite Starter Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\Starter.dll
    CODEBASE = http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab

    ————————————————–

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    NameSpace #4: C:\WINDOWS\System32
    wprovau.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
    Protocol #18: C:\WINDOWS\system32\mswsock.dll
    Protocol #19: C:\WINDOWS\system32\mswsock.dll
    Protocol #20: C:\WINDOWS\system32\mswsock.dll
    Protocol #21: C:\WINDOWS\system32\mswsock.dll
    Protocol #22: C:\WINDOWS\system32\mswsock.dll
    Protocol #23: C:\WINDOWS\system32\mswsock.dll
    Protocol #24: C:\WINDOWS\system32\mswsock.dll
    Protocol #25: C:\WINDOWS\system32\mswsock.dll
    Protocol #26: C:\WINDOWS\system32\mswsock.dll
    Protocol #27: C:\WINDOWS\system32\mswsock.dll
    Protocol #28: C:\WINDOWS\system32\mswsock.dll
    Protocol #29: C:\WINDOWS\system32\mswsock.dll
    Protocol #30: C:\WINDOWS\system32\mswsock.dll
    Protocol #31: C:\WINDOWS\system32\mswsock.dll
    Protocol #32: C:\WINDOWS\system32\mswsock.dll
    Protocol #33: C:\WINDOWS\system32\mswsock.dll
    Protocol #34: C:\WINDOWS\system32\mswsock.dll

    ————————————————–

    Enumerating Windows NT/2000/XP services

    Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
    AdobeVersionCue: E:\Adobe\Adobe Version Cue\service\VersionCue.exe (manual start)
    Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
    Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    1394 ARP-clientprotocol: System32\DRIVERS\arp1394.sys (manual start)
    ASP.NET-statusservice: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
    Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
    Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
    ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
    Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    MAC-brug: System32\DRIVERS\bridge.sys (manual start)
    MAC-brugminipoort: System32\DRIVERS\bridge.sys (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    WinFast TV2000 XP WDM Video Capture: system32\drivers\wf2kvcap.sys (autostart)
    Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
    Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
    Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
    Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
    Indexing-service: C:\WINDOWS\System32\cisvc.exe (autostart)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
    COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.EXE (autostart)
    Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Creative AC3 Software Decoder: System32\drivers\ctac32k.sys (manual start)
    Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
    Creative SB Live!-spelpoort: System32\DRIVERS\ctljystk.sys (manual start)
    Creative Proxy Driver: System32\drivers\ctprxy2k.sys (manual start)
    Creative SoundFont Management Device Driver: System32\drivers\ctsfm2k.sys (manual start)
    Dual-Mode DSC(2770): System32\Drivers\SQcaptur.sys (manual start)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
    Pinnacle PCTV Deluxe USB (PAL) Device: System32\DRIVERS\DunePal.sys (manual start)
    E-mu Plug-in Architecture Driver: System32\drivers\emupia2k.sys (manual start)
    Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
    Stuurprogramma voor diskettestation: System32\Drivers\Sdfloppy.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
    Spelpoort-enumerator: System32\DRIVERS\gameenum.sys (manual start)
    GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
    Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
    Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)
    HCF_MSFT: System32\DRIVERS\HCF_MSFT.sys (manual start)
    Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
    Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
    COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
    InCDPass: System32\DRIVERS\InCDPass.sys (system)
    InCD Helper: C:\Program Files\Ahead\InCD\InCDsrv.exe (autostart)
    Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (disabled)
    IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
    iTouch Keyboard Filter: System32\DRIVERS\itchfltr.sys (manual start)
    Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
    Stuurprogramma voor toetsenbord-HID: System32\DRIVERS\kbdhid.sys (system)
    Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
    Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042pr2.Sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Logitech USB Filter Driver: System32\Drivers\LCcFltr.Sys (manual start)
    Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.Sys (manual start)
    Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start)
    mchInjDrv: \??\C:\DOCUME~1\BRAAMB~1\LOCALS~1\Temp\mc21.tmp (disabled)
    Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (disabled)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
    Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start)
    WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
    BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
    Microsoft MPU-401 MIDI UART-stuurprogramma: system32\drivers\msmpu401.sys (manual start)
    NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
    Norton AntiVirus Auto-Protect: "C:\Program Files\Norton AntiVirus\2003
    avapsvc.exe" (autostart)
    NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NAVENG.Sys (manual start)
    NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NavEx15.Sys (manual start)
    Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
    RAS NDIS TAPI-stuurprogramma: System32\DRIVERS
    distapi.sys (manual start)
    I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS
    disuio.sys (manual start)
    RAS NDIS WAN-stuurprogramma: System32\DRIVERS
    diswan.sys (manual start)
    NetBIOS-interface: System32\DRIVERS
    etbios.sys (system)
    NetBT: System32\DRIVERS
    etbt.sys (system)
    Network DDE: %SystemRoot%\system32
    etdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32
    etdde.exe (disabled)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    1394-stuurprogramma: System32\DRIVERS
    ic1394.sys (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: System32\DRIVERS
    v4_mini.sys (manual start)
    nVidia WDM Video Capture (universal): System32\DRIVERS
    vcap.sys (autostart)
    NVIDIA Display Driver Service: %SystemRoot%\System32
    vsvc32.exe (autostart)
    nVidia WDM TVTuner: System32\DRIVERS
    vtunep.sys (autostart)
    nVidia WDM TVAudio Crossbar: System32\DRIVERS
    vtvsnd.sys (autostart)
    nVidia WDM A/V Crossbar: System32\DRIVERS\NVxbar.sys (autostart)
    IPX Traffic Filter Driver: System32\DRIVERS
    wlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS
    wlnkfwd.sys (manual start)
    NWLink IPX/SPX/NetBIOS-compatibel transportprotocol: System32\DRIVERS
    wlnkipx.sys (autostart)
    NWLink NetBIOS: System32\DRIVERS
    wlnknb.sys (autostart)
    NWLink SPX/SPXII-protocol: System32\DRIVERS
    wlnkspx.sys (autostart)
    SAP Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
    Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (disabled)
    Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
    Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    PCTVVBI: System32\DRIVERS\pctvvbi.sys (manual start)
    Padus ASPI Shell: \??\C:\WINDOWS\System32\drivers\pfc.sys (manual start)
    PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
    Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
    Logitech QuickCam Pro USB(PID_D001): System32\DRIVERS\p35u.sys (manual start)
    Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    SAVRT: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS (manual start)
    SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart)
    ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
    Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
    Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
    SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
    BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
    Symantec Network Drivers Service: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (manual start)
    Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
    System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SRV: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
    SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)
    Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E667FDF3-6749-41A9-93A4-1825E1008D94} (manual start)
    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
    SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
    SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
    SymWMI Service: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (autostart)
    Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
    Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    WinFast TV2000 XP WDM TVTuner: system32\drivers\wf2ktunr.sys (autostart)
    WinFast TV2000 XP WDM Crossbar: system32\drivers\wf2kxbar.sys (autostart)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
    Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    Stuurprogramma voor Microsoft USB Standaard-hub: System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
    Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
    Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start)
    Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
    Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
    vsdatant: System32\vsdatant.sys (system)
    TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
    Windows CE USB Serial Host Driver: System32\DRIVERS\wceusbsh.sys (manual start)
    Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    WinIK: System32\Drivers\WinIK.sys (system)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
    Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    ————————————————–

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    ————————————————–
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    End of report, 42.902 bytes
    Report generated in 0,211 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    Ik ga zo even kijken bij dat internetadres ivm commonname.

    Groetjes!
    Anneke

































Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.