Vraag & Antwoord

Beveiliging & privacy

cuacaorn.exe

28 antwoorden
  • Wij hebben op onze pc last van spyware, genaamd cuacaorn.exe. Spysweeper detecteert dit wel maar het kan niet verwijderd worden omdat het actief is. Met hijackthis verwijderen lukt ook niet. Opstarten in de veilige modus en dan proberen alles te verwijderen lukt ook niet. Zelfs het opstarten in DOS en dan op de "oude" manier del *.* (bij inhoud van de betreffende map) lukt ook niet. Kan iemand me helpen? Ik word er helemaal gek van! :evil: Hierbij onze log. Logfile of HijackThis v1.99.1 Scan saved at 9:41:44, on 24/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\htpatch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\2003\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe G:\gedownloade bestanden\Downloads Max\winrar\WinRAR.exe C:\DOCUME~1\BRAAMB~1\LOCALS~1\Temp\Rar$EX00.467\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMeshBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing) O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [aUVHVsox] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O4 - HKLM\..\Run: [bEVJTg1x] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O4 - HKLM\..\Run: [YYpHX1Ex] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O4 - HKLM\..\Run: [dE0HYgow] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Winipcfg - {A4E2ACEF-DB4E-4B3D-B89E-CD3BE33BDAB4} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU) O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {8E149656-495B-11D7-9A65-00500454A644} - http://www.trademanager.org/webinstall/actual/installtm.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\2003\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Alvast bedankt voor de aandacht! Anneke
  • je hebt last van deze O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net maar laat eerst de expers er beter naar kijken
  • Ga naar Configuratiescherm - Software - Programma?s wijzigen en verwijderen : deïnstalleer New.net Application en NewDotNet (Domains) Staan deze er niet tussen, dan kijk je in de dan map c:\Progam Files\NewDotNet. Zoek een in die map naar een bestand uninstallX_XX.exe. De waarde van X (een cijfer) hangt af van de versie van New.net die geïnstalleerd is op de computer. Vind je de uninstaller ook niet in de map c:\Progam Files\NewDotNet, dan kijk je in de map C:\Windows naar een bestand NDNuninstallX_XX.exe. (zelfde verhaal voor de X.) Is deze ook niet aanwezig dan kan je deze uninstaller downloaden: http://www.new.net/support/uninstall6_38.exe Plaats het bestand HijackThis.exe ook in een eigen map, bijvoorbeeld C:\HijackThis Dit in verband met de backups die HijackThis maakt en die gaan gemakkelijk verloren als je het programma vanuit de temp runt. Herstart na het uitvoeren van de eerste tips je computer en plaats een nieuw log van HijackThis. Scan het bestand [b:717200fee3]C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe[/b:717200fee3] ook eens met http://virusscan.jotti.org en meldt het resultaat van de scans in je volgende bericht (copy/paste) Groeten smeenk :wink:
  • Beste mensen, Ik heb New.net er af gekregen! Alleen is het cuacaorn.exe nog aanwezig op de pc! Hieronder de nieuwe log: Logfile of HijackThis v1.98.0 Scan saved at 13:05:34, on 24/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\htpatch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\2003\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe E:\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMeshBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing) O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Winipcfg - {A4E2ACEF-DB4E-4B3D-B89E-CD3BE33BDAB4} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {8E149656-495B-11D7-9A65-00500454A644} - http://www.trademanager.org/webinstall/actual/installtm.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll Ook heb ik het bestand laten scannen op virusscan.jotti.org, hierbij de resultaten: File: cUACAoRN.exe Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 27672d34a8bcfb293d85194b726d1cba Packers detected: - Scanner results AntiVir Found TR/Spy.Hailport.2 ArcaVir Found Adware.Commonname.G Avast Found Win32:Adware-gen. AVG Antivirus Found nothing BitDefender Found Trojan.Commonname.B ClamAV Found Adware.Comna-2 Dr.Web Found not a virus Adware.CommonName F-Prot Antivirus Found nothing Fortinet Found Adware/Commonname.I Kaspersky Anti-Virus Found Trojan.Win32.CommonName.b NOD32 Found Win32/Adware.CommonName application Norman Virus Control Found W32/CommonName.I UNA Found nothing VBA32 Found AdWare.CommonName.i Enig idee wat ik nu nog kan doen? Alvast bedankt! Groetjes, Anneke :o
  • Ga naar Configuratiescherm -- Software en deïnstalleer het volgende programma: [b:25d3e55755]Imesh[/b:25d3e55755] Imesh zit bomvol spyware en het blijven gebruiken van dit programma zou wel eens de oorzaak kunnen zijn van het steeds opnieuw terugkomen van de spyware. Download en installeer [url=http://www.ccleaner.com/]CCleaner[/url]. Gebruik het programma nog niet. Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden.[url=http://users.telenet.be/marcvn/spyware/1117602.htm] Hoe verborgen bestanden en mappen weergeven.[/url]. Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. run HijackThis nog een keer, kies voor "Do a system csan only" en plaats een vinkje bij de volgende items: [b:25d3e55755]O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMeshBHO.dll O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing) O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O9 - Extra button: Winipcfg - {A4E2ACEF-DB4E-4B3D-B89E-CD3BE33BDAB4} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU) O16 - DPF: {8E149656-495B-11D7-9A65-00500454A644} - http://www.trademanager.org/webinstall/actual/installtm.cab O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll[/b:25d3e55755] Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af. Zoek met je verkenner de volgende mappen en bestanden eens op en verwijder deze(indien nog aanwezig) C:\Program Files\[b:25d3e55755]qpsxvpqp[/b:25d3e55755] C:\Program Files\[b:25d3e55755]iMeshBar[/b:25d3e55755] C:\WINDOWS\system32\[b:25d3e55755]phpAPP20.dll[/b:25d3e55755] C:\Program Files\[b:25d3e55755]iMeshBHO.dll[/b:25d3e55755] [b:25d3e55755]Het gebruik van Ccleaner:[/b:25d3e55755] Ccleaner verwijderd ook cookies. Cookies zijn meestal gewoon nutteloos, soms zelfs kwaadaardig, maar er zijn er ook enkele die nodig zijn voor het inloggen op bepaalde websites. Ccleaner biedt je de mogelijkheid om in te stellen welke cookies je behouden wilt. Kijk hiervoor bij "Opties"en dan Cookies, selecteer de cookies die je behouden wilt en plaats die in de "Te behouden cookies" ruimte. Klik daarna op de knop "Opschonen". Herstel daarna je webinstellingen: Ga naar Configuratiescherm --> Internetopties --> tabblad Programma's. Klik op de "Webinstellingen herstellen". Start de PC in normale modus. Start HijackThis opnieuw, maak een nieuwe log en post deze. vr.gr.smeenk :wink:
  • Bedankt voor je uitgebreide handleiding! Ik heb alles gedaan wat je hebt opgeschreven alleen kan ik (ook niet in de veilige modus) het mapje en bestandje cuacaorn.exe niet verwijderen! Imesh is inmiddels volledig verwijderd. Hierbij de nieuwe log: Logfile of HijackThis v1.98.0 Scan saved at 14:46:31, on 24/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\htpatch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\2003\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe E:\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [dkVHXoEw] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll Ik hoop dat je nog iets ziet wat ik kan doen. Alvast heel erg bedankt! Groetjes, Anneke
  • Probeer het eens met killbox. http://www.bleepingcomputer.com/files/killbox.php
  • Helaas, ook met killbox is het niet te verwijderen, ook niet in de veilige modus :(
  • Je gebruikt nu ineens een oudere versie van HijackThis, vervang deze eens met de nieuwste versie en plaats dan een nieuw log van HijackThis. Download [url=http://www.bleepingcomputer.com/files/spyware/KillBox.zip]Pocket KillBox[/url]. Unzip het programma naar je bureaublad. Klik op killbox.exe. Selecteer de optie “Delete on reboot”. In het veld “Full path of file to delete" Kopieer en plak je het volgende: [code:1:0af53c333e]C:\Program Files\qpsxvpqp\cUACAoRN.exe C:\Program Files\qpsxvpqp\NRoACAUc.exe [/code:1:0af53c333e] Klik op de knop met de rode cirkel en het witte kruis. Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. Klik op de knop "YES". Als deze niet wil rebooten herstart dan zelf je computer. Je gebruikt nu ineens een oudere versie van HijackThis, vervang deze eens met de nieuwste versie en plaats dan een nieuw log van HijackThis. Groeten smeenk
  • Ja lekker dom he? Hierbij alsnog de juiste log: Logfile of HijackThis v1.99.1 Scan saved at 18:16:50, on 24/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\htpatch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\2003\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cidaemon.exe E:\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll (file missing) O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\2003\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Je zou ook eens naar de rechten van het bestand kunnen kijken. Een enkele keer worden die ook wel naar readonly oid. veranderd. Gebeurt ook wel eens met services, en rechten in de registry. Dan de rechten zo ruim mogelijk instellen, proces afbreken in taakbeheer (of met APM), en vervolgens verwijderen, al dan niet met killbox. http://www.diamondcs.com.au/index.php?page=apm
  • Gerben heeft gelijk, daarbij wil ik dus aanvullen dat het hier dus om 2 processen gaat die je beide moet beeindigen alvorens deze te verwijderen. [quote:1f611d7b2a]C:\Program Files\qpsxvpqp\cUACAoRN.exe C:\Program Files\qpsxvpqp\NRoACAUc.exe[/quote:1f611d7b2a] Groeten smeenk
  • Probeer het volgende ook eens: Configuratiescherm -> Software -> Kijk of het volgende er staat, selecteer deze en kies voor verwijderen. [b:d4e364cc1a]CommonName[/b:d4e364cc1a] Groeten smeenk :wink:
  • Beste Gerben en Smeenk, Ik heb alles gedaan wat jullie hebben opgeschreven maar ik krijg die processen niet beeindigd! Ook niet met het programma APM. Hij beeindigd de 2 toepassingen wel maar daarna zie je dat de toepassingen meteen weer opstarten! Ik ben bang dat ik er nooit meer vanaf kom. Hebben jullie nog een tip??
  • Deze al geprobeerd: Probeer het volgende ook eens: Configuratiescherm -> Software -> Kijk of het volgende er staat, selecteer deze en kies voor verwijderen. [b:d1469eb96e]CommonName[/b:d1469eb96e] Groeten smeenk :wink:
  • Kun je de bestanden ook hernoemen? Als ie ze dan weer opnieuw probeert op te starten, zal dat niet lukken, omdat ie ze niet kan vinden.
  • Mocht dit ook niet werken. Ik heb zelf het idee, dat deze bestanden iedere keer terug worden geplaatst. We kunnen best eerst even kijken waar ze naar verwijzen in het register. Download de Registry Search Tool [url=http://www.billsway.com/vbspage/]hier[/url]. Unzip en run het script. Krijg je een reactie van je antivirusprogramma dan moet je Script blocking uitschakelen in het anti-virusprogramma. In het Zoekveld geef je het volgende in: [b:3748737fe8]cUACAoRN.exe[/b:3748737fe8] Post het resultaat. Doe hetzelfde voor [b:3748737fe8]NRoACAUc.exe[/b:3748737fe8] Groeten smeenk :wink:
  • Beste Gerben en Smeenk, Ik heb geen CommonName gveonden in software. Ook heb ik geprobeerd de bestanden (ze staan inderdaad op read only) te wijzigen door het vinkje weg te halen. Dat lukt niet, ik krijg een foutmelding. Ook het wijzigen van de bestandsnamen lukt niet. Het is heel irritant! Ik heb het register laten doorzoeken op cUACAoRN.exe. Eerst vond het programma niks, daarna heb ik gezocht op cuacaorn. Toen vond hij 670 items! Ook heb ik gezocht op bYVHVAUx, want dat is waas Spysweeper naar verwijst, en dit heeft ook weer te maken met cuacaorn. Op NRoACAUc.exe is niets gevonden. Resultaten cUACAoRN: REGEDIT4 ; RegSrch.vbs © Bill James ; Registry search results for string "cUACAoRN" 25/08/2005 15:40:58 ; NOTE: This file will be deleted when you close WordPad. ; You must manually save this file to a new location if you want to refer to it again later. ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GTgUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GTgUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GU11v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GU11v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aApGYs1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aApGYs1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVGYo1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVGYo1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVJQAow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVJQAow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFGV91w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFGV91w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFHQcUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFHQcUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGQsUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGQsUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGYo1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGYo1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXAUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXAUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXw1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXw1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agVHZ91v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agVHZ91v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\akFJTA1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\akFJTA1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0GY91w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0GY91w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0HWgUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0HWgUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aMFHQgUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aMFHQgUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aQFGZ9Ux] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aQFGZ9Ux] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aU0HT9Ex] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aU0HT9Ex] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUFJSwUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUFJSwUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpGTkow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpGTkow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpHWoEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpHWoEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GT11x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GT11x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GYs1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GYs1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFGSs1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFGSs1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFHWcow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFHWcow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awpGScow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awpGScow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYFHTgov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYFHTgov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYpGU51v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYpGU51v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVGSsox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVGSsox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVHZoUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVHZoUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFGV9Ex] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFGV9Ex] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFHX91v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFHX91v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApGVo1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApGVo1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApHUwUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApHUwUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bE0GV1Ux] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bE0GV1Ux] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEFJY9Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEFJY9Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEpGTw1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEpGTw1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEVJUsEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEVJUsEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIFJY5ow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIFJY5ow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGYgov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGYgov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGZcEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGZcEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bkFJSoEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bkFJSoEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bM0HTgow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bM0HTgow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMFGQgEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMFGQgEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpGZg1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpGZg1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpHQwEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpHQwEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMVGQoEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMVGQoEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQ0HYw1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQ0HYw1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpGZk1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpGZk1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpHV1ox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpHV1ox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVHRoov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVHRoov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJUw1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJUw1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJWkox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJWkox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJXgUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJXgUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bU0HS1Uw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bU0HS1Uw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUFGQAow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUFGQAow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUpHYAox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUpHYAox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUVGR11v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUVGR11v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bw0HZkox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bw0HZkox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bwFJXAEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bwFJXAEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bY0HVkUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bY0HVkUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYpHYsow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYpHYsow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYVHVAUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYVHVAUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cApHQgUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cApHQgUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHR11w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHR11w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHXc1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHXc1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHY1ow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHY1ow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEFGZcox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEFGZcox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGU91w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGU91w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGZwUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGZwUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cg0GVsox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cg0GVsox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgFJUo1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgFJUo1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgpGTgUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgpGTgUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIFJVAUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIFJVAUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIpGU1ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIpGU1ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIVJRw1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIVJRw1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cM0GQgox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cM0GQgox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cMVGTw1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cMVGTw1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQ0HZ5Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQ0HZ5Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQFJXwox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQFJXwox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJSAox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJSAox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJVkox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJVkox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cU0HYkox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cU0HYkox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cUVJVwov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cUVJVwov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFHR51w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFHR51w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFJQ51x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFJQ51x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dAFGRsUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dAFGRsUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dEVHQ51v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dEVHQ51v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgFHRcov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgFHRcov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgVHZg1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgVHZg1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dI0GWgEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dI0GWgEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFGVg1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFGVg1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFHY11v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFHY11v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVHW5Uw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVHW5Uw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVJSw1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVJSw1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dkpHU5Uw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dkpHU5Uw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dM0HX51w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dM0HX51w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dMFHUcEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dMFHUcEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGToUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGToUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGV5ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGV5ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUFGV1Ex] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUFGV1Ex] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUpGQwUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUpGQwUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwFHUw1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwFHUw1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwVJXwov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwVJXwov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dY0GZAUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dY0GZAUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dYFGXgUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dYFGXgUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eEVJR5Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eEVJR5Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGRoEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGRoEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU5ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU5ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU91x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU91x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGWo1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGWo1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egVGY1Ex] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egVGY1Ex] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eI0GW51v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eI0GW51v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ek0GWg1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ek0GWg1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekFGVsUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekFGVsUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekpGYoEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekpGYoEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GToUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GToUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GZo1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GZo1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0HV51x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0HV51x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUFJRgEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUFJRgEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUpHVkEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUpHVkEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GQcEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GQcEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GTAow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GTAow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GZo1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GZo1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYFGR91x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYFGR91x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYpGUAEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYpGUAEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGRo1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGRo1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGTsEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGTsEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVHV9ow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVHV9ow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVJYgEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVJYgEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GWsox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GWsox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GZwEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GZwEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fAFHQsov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fAFHQsov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fE0HVg1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fE0HVg1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fEFJT91w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fEFJT91w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgFGQ51w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgFGQ51w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgpHVAEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgpHVAEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fI0GRoEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fI0GRoEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fIFJTsox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fIFJTsox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkpHToEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkpHToEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkVGSkEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkVGSkEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWcEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWcEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWoEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWoEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GZoEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GZoEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQ0GSs1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQ0GSs1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQFHZsUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQFHZsUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQpGQwEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQpGQwEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUFHVwUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUFHVwUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUpGZ91w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUpGZ91w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwpHYo1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwpHYo1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwVGS51x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwVGS51x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYFHWsEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYFHWsEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYpGVoov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYpGVoov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVHT5Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVHT5Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVJYoEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVJYoEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QApGR5ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QApGR5ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QE0GY9ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QE0GY9ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEFHSsow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEFHSsow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEpGXkEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEpGXkEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qg0GQsow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qg0GQsow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QgpHU1Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QgpHU1Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QIpGRw1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QIpGRw1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qk0HY9Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qk0HY9Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkFGTw1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkFGTw1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkVGZ9ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkVGZ9ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GSgEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GSgEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GY9Ux] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GY9Ux] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0HXgov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0HXgov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMpGWgUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMpGWgUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMVHQgov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMVHQgov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QUpGZsox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QUpGZsox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qw0HX9Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qw0HX9Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QwFGVcEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QwFGVcEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYFJWsov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYFJWsov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVGSgEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVGSgEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVJScEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVJScEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAFGQo1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAFGQo1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVGXg1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVGXg1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVJTs1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVJTs1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RE0GXAEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RE0GXAEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REFGSk1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REFGSk1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFHYc1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFHYc1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFJS1ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFJS1ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgVGUk1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgVGUk1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RI0GUsox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RI0GUsox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFGR5Ex] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFGR5Ex] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFHSwUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFHSwUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJTAUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJTAUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJY9Uw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJY9Uw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMpGYcEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMpGYcEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVGUo1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVGUo1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVHT5ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVHT5ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GVcEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GVcEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GZsUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GZsUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQpGW1ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQpGW1ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQVGZ9Uw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQVGZ9Uw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RU0HW9Ex] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RU0HW9Ex] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUFJT51x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUFJT51x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUVGTcEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUVGTcEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RY0HT5Ex] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RY0HT5Ex] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RYFGTcox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RYFGTcox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HSsox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HSsox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HXs1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HXs1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YAVHWs1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YAVHWs1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YE0GTcUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YE0GTcUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YgVJUsEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YgVJUsEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YIVHWkow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YIVHWkow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yk0HXAUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yk0HXAUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVGXsUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVGXsUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHQkox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHQkox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHXkUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHXkUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMpHRcow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMpHRcow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVGVsUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVGVsUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVHV51w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVHV51w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGV11x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGV11x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGW1ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGW1ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQVHU5Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQVHU5Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0GRwEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0GRwEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HTk1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HTk1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HX1ow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HX1ow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HZ1ox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HZ1ox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUFHTAox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUFHTAox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGQgUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGQgUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGV5ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGV5ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUVGSA1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUVGSA1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YwFGW9ov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YwFGW9ov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0GZcov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0GZcov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0HYwox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0HYwox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYFJZAox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYFJZAox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYpGRgEx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYpGRgEx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZA0GSo1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZA0GSo1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZE0GX9Ux] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZE0GX9Ux] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEpHXA1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEpHXA1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEVHW1Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEVHW1Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zg0GSsUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zg0GSsUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFGWgox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFGWgox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFJWsov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFJWsov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgVJSoUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgVJSoUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZI0GRsEw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZI0GRsEw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIFJR9Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIFJR9Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVHSwov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVHSwov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVJU91x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVJU91x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zk0GXsUw] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zk0GXsUw] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVHQcov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVHQcov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVJYkox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVJYkox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZM0HVgox] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZM0HVgox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZMpGWcUx] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZMpGWcUx] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ1ow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ1ow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ5ow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ5ow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQVHQg1v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQVHQg1v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUpHZ91w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUpHZ91w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUVHT9ow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUVHT9ow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwFGTw1x] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwFGTw1x] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHS9Ew] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHS9Ew] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHV91v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHV91v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0GU91v] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0GU91v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0HYgov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0HYgov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHQsow] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHQsow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHXAov] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHXAov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYpGUg1w] "item"="cUACAoRN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYpGUg1w] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "bYVHVAUx"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"="cUACAoRN" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFHS9ow] "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFHS9ow] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFJXwov] "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFJXwov] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEFHZ5Ux] "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEFHZ5Ux] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEVJYAox] "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEVJYAox] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_akVGT51v] "path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_akVGT51v] "command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe" [HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Soft
  • Hallo, Anneke Ik kom er nog niet uit, ik krijg op dit moment wel fantastische hulp op de achtergrond. Ik denk dat we nog meer informatie moeten hebben: Download [url=http://www.bleepingcomputer.com/files/winpfind.php]Winpfind.zip[/url] en installeer het in op het bureaublad Start de computer op in VEILIGE mode. Open [b:c6a964dbd4]WinPFind[/b:c6a964dbd4] en dubbel-klik op [b:c6a964dbd4]WinPFind.exe[/b:c6a964dbd4]. Wanneer het progamma is gestart klik op de Start Scan button. Dit scannen kan even duren. Wanneer de scan klaar is wordt een log gemaakt. Herstart de computer in normale mode en post de inhoud van WinPFind.txt. Maak een startuplist met behulp van HijackThis Open Misc Tools en zet een vinkje bij de 2 items rechts van "Generate a startuplist log" daarna de startuplist log genereren en ook in een bericht posten. Het is inderdaad een taaie rakker :wink: Als het commonname is zou je hier wat aan kunnen hebben: http://is.asu.edu/instruction/myasu/tutorials/commonname.html Groeten smeenk
  • Hoi Smeenk, Geweldig dat jullie me zo helpen, echt té gek hoor! Ik heb heb alles gedaan alleen is het niet volledig gelukt. Ik kreeg een fotmelding tijdens het scannen bij WinPFind. De melding was : invalid data type for "flag". Vervolgens bleef de zandlopen lopen en heb ik het moeten afbreken. Er is wel een log (maar ik denk niet volledig): WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... PECompact2 11/04/2005 20:39:38 14563177 C:\WINDOWS\LPT$VPN.556 qoologic 11/04/2005 20:39:38 14563177 C:\WINDOWS\LPT$VPN.556 SAHAgent 11/04/2005 20:39:38 14563177 C:\WINDOWS\LPT$VPN.556 UPX! 11/04/2005 20:39:40 170053 C:\WINDOWS\tsc.exe PECompact2 11/04/2005 20:39:38 14563177 C:\WINDOWS\VPTNFILE.556 qoologic 11/04/2005 20:39:38 14563177 C:\WINDOWS\VPTNFILE.556 SAHAgent 11/04/2005 20:39:38 14563177 C:\WINDOWS\VPTNFILE.556 UPX! 11/04/2005 20:39:40 1044560 C:\WINDOWS\vsapi32.dll aspack 11/04/2005 20:39:40 1044560 C:\WINDOWS\vsapi32.dll Checking %System% folder... UPX! 22/06/2003 14:40:40 71168 C:\WINDOWS\SYSTEM32\Agent.dll UPX! 31/05/2004 8:02:04 220672 C:\WINDOWS\SYSTEM32\B4FM.dll UPX! 14/05/2003 6:51:12 22016 C:\WINDOWS\SYSTEM32\ctbv2.dll PEC2 07/09/2001 14:00:00 41122 C:\WINDOWS\SYSTEM32\dfrg.msc UPX! 13/05/2003 6:34:54 131072 C:\WINDOWS\SYSTEM32\ezStubi.dll PTech 15/11/2003 13:41:52 H 2504815 C:\WINDOWS\SYSTEM32\kyf.dat PECompact2 05/08/2005 3:31:54 1455960 C:\WINDOWS\SYSTEM32\MRT.exe aspack 05/08/2005 3:31:54 1455960 C:\WINDOWS\SYSTEM32\MRT.exe UPX! 15/06/2003 9:08:04 97280 C:\WINDOWS\SYSTEM32\msbb1.dll UPX! 20/06/2003 17:49:06 30720 C:\WINDOWS\SYSTEM32\netpals.dll UPX! 03/04/2003 18:26:10 88064 C:\WINDOWS\SYSTEM32\NLNP13.dll UPX! 14/08/2003 15:29:28 113664 C:\WINDOWS\SYSTEM32\nostalgia.dll aspack 04/08/2004 10:03:00 729088 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 04/08/2004 10:03:20 676864 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 31/08/2003 11:26:38 71168 C:\WINDOWS\SYSTEM32\SHAgent.dll UPX! 18/08/2003 8:47:38 71168 C:\WINDOWS\SYSTEM32\SHAgentNew.dll winsync 07/09/2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu UPX! 19/09/2003 8:59:32 226304 C:\WINDOWS\SYSTEM32\Xcite.dll Checking %System%\Drivers folder and sub-folders... PTech 04/08/2004 7:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 26/08/2005 8:16:30 S 2048 C:\WINDOWS\bootstat.dat 25/08/2005 12:27:34 HS 35840 C:\WINDOWS\Thumbs.db 01/07/2005 14:56:16 H 0 C:\WINDOWS\inf\oem42.inf 24/08/2005 14:35:32 HS 20480 C:\WINDOWS\system32\Thumbs.db 26/08/2005 8:05:14 H 1007 C:\WINDOWS\system32\vsconfig.xml 08/07/2005 16:23:14 S 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat 30/06/2005 9:06:28 S 11437 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat 19/07/2005 20:48:48 S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat 30/06/2005 13:42:14 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat 30/06/2005 14:21:06 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat 30/06/2005 8:46:12 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat 28/06/2005 19:12:50 S 11845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat 02/07/2005 10:18:12 S 9445 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat 26/08/2005 8:16:20 H 8192 C:\WINDOWS\system32\config\default.LOG 26/08/2005 8:16:50 H 1024 C:\WINDOWS\system32\config\SAM.LOG 26/08/2005 8:16:32 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG 26/08/2005 8:17:34 H 65536 C:\WINDOWS\system32\config\software.LOG 26/08/2005 8:16:40 H 1458176 C:\WINDOWS\system32\config\system.LOG 13/08/2005 23:20:34 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 07/08/2005 13:50:14 S 7652 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C 07/08/2005 13:50:14 S 134 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C 31/07/2005 9:45:46 HS 6144 C:\WINDOWS\system32\iMesh_Cache\Thumbs.db 20/07/2005 15:49:40 H 16826 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_QI021E.GID 31/07/2005 9:45:46 HS 6144 C:\WINDOWS\system32\WinFox\Thumbs.db 26/08/2005 8:14:26 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 04/08/2004 10:03:36 70656 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 04/08/2004 10:03:36 554496 C:\WINDOWS\SYSTEM32\appwiz.cpl Creative Technology Ltd. 28/05/2001 14:47:00 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl 11/05/2001 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl Microsoft Corporation 04/08/2004 10:03:36 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Creative Technology Ltd. 30/03/2001 3:00:00 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl Microsoft Corporation 04/08/2004 10:03:36 137728 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 04/08/2004 10:03:36 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 04/08/2004 10:03:36 156672 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 04/08/2004 10:03:36 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 04/08/2004 10:03:36 132608 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 04/08/2004 10:03:36 380928 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 04/08/2004 10:03:36 69632 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems 22/02/2004 23:44:42 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 07/09/2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl AvantGo, Inc. 22/02/2003 0:58:26 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL Microsoft Corporation 04/08/2004 10:03:36 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl 02/03/1998 11:24:38 41984 C:\WINDOWS\SYSTEM32\mtrcfg.cpl Microsoft Corporation 07/09/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 04/08/2004 10:03:36 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 04/08/2004 10:03:36 260608 C:\WINDOWS\SYSTEM32\nusrmgr.cpl NVIDIA Corporation 06/10/2003 15:16:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 04/08/2004 10:03:36 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl Sun Microsystems 02/10/2002 13:01:34 45171 C:\WINDOWS\SYSTEM32\plugincpl131_06.cpl Microsoft Corporation 04/08/2004 10:03:36 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl 19/11/1999 14:54:12 155648 C:\WINDOWS\SYSTEM32\PPPoEService.cpl Apple Computer, Inc. 30/09/2004 16:24:08 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl Microsoft Corporation 04/08/2004 10:03:38 302592 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 07/09/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 04/08/2004 10:03:38 94720 C:\WINDOWS\SYSTEM32\timedate.cpl 24/10/1998 14:01:00 R 53248 C:\WINDOWS\SYSTEM32\VSVART.cpl Microsoft Corporation 04/08/2004 10:03:38 148480 C:\WINDOWS\SYSTEM32\wscui.cpl WildTangent, Inc. 27/09/2002 14:47:26 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl Microsoft Corporation 26/05/2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 04/08/2004 10:03:36 359936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 07/09/2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 07/09/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 07/09/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 26/05/2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 02/10/2002 9:56:20 HS 84 C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 01/08/2002 16:30:00 HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini Checking files in %USERPROFILE%\Startup folder... Checking files in %USERPROFILE%\Application Data folder... 17/04/2005 18:35:56 1210 C:\Documents and Settings\Braambosch\Mijn documenten\Application Data\AdobeDLM.log 01/08/2002 16:30:00 HS 62 C:\Documents and Settings\Braambosch\Mijn documenten\Application Data\desktop.ini 17/04/2005 18:35:56 0 C:\Documents and Settings\Braambosch\Mijn documenten\Application Data\dm.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] Cable Wanadoo = IEAKCable Wanadoo ESB{724A5BE0-ACF6-46F3-A275-C1039B8DD43E} = SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = E:\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\2003\NavShExt.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\gedownloade bestanden\Downloads Max\winrar\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP {797F3885-5429-11D4-8823-0050DA59922B} = E:\Ws-FTP Prof\wsftpsi.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\2003\NavShExt.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\gedownloade bestanden\Downloads Max\winrar\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP {797F3885-5429-11D4-8823-0050DA59922B} = E:\Ws-FTP Prof\wsftpsi.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\gedownloade bestanden\Downloads Max\winrar\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910} AcroIEToolbarHelper Class = E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872} CNavExtBho Class = C:\Program Files\Norton AntiVirus\2003\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B} Adobe PDF = E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip van de dag = %SystemRoot%\System32\shdocvw.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} Real.com = C:\WINDOWS\System32\Shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\2003\NavShExt.dll {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} ButtonText = Toevoegen aan Mobiele favorieten : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} MenuText = Toevoegen aan Mobiele favorieten... : C:\Program Files\Microsoft ActiveSync\INETREPL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} ButtonText = Onderzoek : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} ButtonText = Real.com : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer-band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\2003\NavShExt.dll {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll {1C78AB3F-A857-482E-80C0-3A1E5238A565} = : {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll {E6AE90A4-1B01-47F0-AA78-E6B122E145E9} = : {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Toolbar : C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] HTpatch C:\WINDOWS\htpatch.exe UpdReg C:\WINDOWS\UpdReg.EXE MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe bYVHVAUx C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] Hierbij de log van Hijackthis: StartupList report, 26/08/2005, 9:00:14 StartupList version: 1.52.2 Started from : E:\Hijack\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\htpatch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\2003\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe E:\Hijack\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Bean\Programma's\Opstarten] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /s -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Register-editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910} NAV Helper - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} -------------------------------------------------- Enumerating Task Scheduler jobs: Norton AntiVirus - Mijn computer scannen.job Symantec NetDetect.job {39C56FD3-AF37-478D-B788-250E4099C5B5}_C3649579_Braambosch.job -------------------------------------------------- Enumerating Download Program Files: [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [CryptoRSA Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab [QuickTime Object] InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [CBSBiB.iPCRClickMap] InProcServer32 = C:\WINDOWS\Downloaded Program Files\klikkaart.ocx CODEBASE = http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab [MSSecurityAdvisor Class] InProcServer32 = C:\WINDOWS\System32\mssecadv.dll CODEBASE = http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1076452679607 [Minesweeper Flags Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab [Symantec AntiVirus scanner] InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Office Update Installation Engine] InProcServer32 = C:\WINDOWS\opuc.dll CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab [OPUCatalog Class] InProcServer32 = C:\WINDOWS\System32\opuc.dll CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab [OPUCatalog Class] InProcServer32 = C:\WINDOWS\System32\opuc.dll CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab [{62475759-9E84-458E-A1AB-5D2C442ADFDE}] CODEBASE = http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe [WUWebControl Class] InProcServer32 = C:\WINDOWS\system32\wuweb.dll CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471 [HouseCall Besturing] InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab [AvxScanOnline Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab [Java Plug-in 1.4.2_04] InProcServer32 = C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll CODEBASE = http://java.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab [MessengerStatsClient Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab [InstallShield International Setup Player] InProcServer32 = c:\windows\DOWNLO~1\isetup.dll CODEBASE = http://www.installengine.com/engine/isetup.cab [Installation Helper Object] InProcServer32 = C:\WINDOWS\DOWNLO~1\instwact.dll CODEBASE = http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll [Anonymizer Anti-Spyware Scanner] InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebAAS.dll CODEBASE = http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.3905092593 [IEAnimBehaviorFactory Class] InProcServer32 = C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL CODEBASE = http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab [GDIChk Object] InProcServer32 = C:\WINDOWS\Downloaded Program Files\GDIChk.dll CODEBASE = http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB [ING Bank Autorisatiescherm] InProcServer32 = C:\WINDOWS\Downloaded Program Files\AXDigiSign.dll CODEBASE = http://secure.ingbank.nl/download/DigiSign.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx CODEBASE = http://messenger.msn.com/download/msnmessengersetupdownloader.cab [Symantec RuFSI Registry Information Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Virtools WebPlayer Class] InProcServer32 = C:\Program Files\Virtools Web Player 2.5\WebPlayer.ocx CODEBASE = http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe [Java Plug-in 1.3.1_06] InProcServer32 = e:\Program Files\JavaSoft\JRE\1.3.1_06\bin\npjava131_06.dll CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_06-win.cab [Java Plug-in 1.4.2_04] InProcServer32 = C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\macromed\flash\flash.ocx CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [PBGNX Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\PBGNX.ocx CODEBASE = https://www.p3.postbank.nl/GTO/PBGNX.cab [PopCapLoader Object] InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll CODEBASE = http://www.popcap.com/games/popcaploader_v6.cab [MSN Chat Control 4.5] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab [SwitchPointLite Starter Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\Starter.dll CODEBASE = http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll NameSpace #4: C:\WINDOWS\System32\nwprovau.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: C:\WINDOWS\system32\mswsock.dll Protocol #24: C:\WINDOWS\system32\mswsock.dll Protocol #25: C:\WINDOWS\system32\mswsock.dll Protocol #26: C:\WINDOWS\system32\mswsock.dll Protocol #27: C:\WINDOWS\system32\mswsock.dll Protocol #28: C:\WINDOWS\system32\mswsock.dll Protocol #29: C:\WINDOWS\system32\mswsock.dll Protocol #30: C:\WINDOWS\system32\mswsock.dll Protocol #31: C:\WINDOWS\system32\mswsock.dll Protocol #32: C:\WINDOWS\system32\mswsock.dll Protocol #33: C:\WINDOWS\system32\mswsock.dll Protocol #34: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system) AdobeVersionCue: E:\Adobe\Adobe Version Cue\service\VersionCue.exe (manual start) Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start) Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system) Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) 1394 ARP-clientprotocol: System32\DRIVERS\arp1394.sys (manual start) ASP.NET-statusservice: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start) Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system) ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start) Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) MAC-brug: System32\DRIVERS\bridge.sys (manual start) MAC-brugminipoort: System32\DRIVERS\bridge.sys (manual start) Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) WinFast TV2000 XP WDM Video Capture: system32\drivers\wf2kvcap.sys (autostart) Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start) Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart) Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start) Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system) Indexing-service: C:\WINDOWS\System32\cisvc.exe (autostart) ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled) C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start) COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.EXE (autostart) Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Creative AC3 Software Decoder: System32\drivers\ctac32k.sys (manual start) Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start) Creative SB Live!-spelpoort: System32\DRIVERS\ctljystk.sys (manual start) Creative Proxy Driver: System32\drivers\ctprxy2k.sys (manual start) Creative SoundFont Management Device Driver: System32\drivers\ctsfm2k.sys (manual start) Dual-Mode DSC(2770): System32\Drivers\SQcaptur.sys (manual start) DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start) Pinnacle PCTV Deluxe USB (PAL) Device: System32\DRIVERS\DunePal.sys (manual start) E-mu Plug-in Architecture Driver: System32\drivers\emupia2k.sys (manual start) Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start) Stuurprogramma voor diskettestation: System32\Drivers\Sdfloppy.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system) Spelpoort-enumerator: System32\DRIVERS\gameenum.sys (manual start) GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start) Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start) Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start) HCF_MSFT: System32\DRIVERS\HCF_MSFT.sys (manual start) Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system) Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system) COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start) InCDPass: System32\DRIVERS\InCDPass.sys (system) InCD Helper: C:\Program Files\Ahead\InCD\InCDsrv.exe (autostart) Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system) IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start) IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (disabled) IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system) IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system) iTouch Keyboard Filter: System32\DRIVERS\itchfltr.sys (manual start) Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system) Stuurprogramma voor toetsenbord-HID: System32\DRIVERS\kbdhid.sys (system) Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start) Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042pr2.Sys (manual start) Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Logitech USB Filter Driver: System32\Drivers\LCcFltr.Sys (manual start) Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.Sys (manual start) Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start) TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start) mchInjDrv: \??\C:\DOCUME~1\BRAAMB~1\LOCALS~1\Temp\mc21.tmp (disabled) Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (disabled) Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system) Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start) WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start) BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start) Microsoft MPU-401 MIDI UART-stuurprogramma: system32\drivers\msmpu401.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Norton AntiVirus Auto-Protect: "C:\Program Files\Norton AntiVirus\2003\navapsvc.exe" (autostart) NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NAVENG.Sys (manual start) NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NavEx15.Sys (manual start) Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start) RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start) I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start) RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS-interface: System32\DRIVERS\netbios.sys (system) NetBT: System32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Net Logon: %SystemRoot%\System32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) 1394-stuurprogramma: System32\DRIVERS\nic1394.sys (manual start) Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start) Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv: System32\DRIVERS\nv4_mini.sys (manual start) nVidia WDM Video Capture (universal): System32\DRIVERS\nvcap.sys (autostart) NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart) nVidia WDM TVTuner: System32\DRIVERS\nvtunep.sys (autostart) nVidia WDM TVAudio Crossbar: System32\DRIVERS\nvtvsnd.sys (autostart) nVidia WDM A/V Crossbar: System32\DRIVERS\NVxbar.sys (autostart) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) NWLink IPX/SPX/NetBIOS-compatibel transportprotocol: System32\DRIVERS\nwlnkipx.sys (autostart) NWLink NetBIOS: System32\DRIVERS\nwlnknb.sys (autostart) NWLink SPX/SPXII-protocol: System32\DRIVERS\nwlnkspx.sys (autostart) SAP Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system) Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (disabled) Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start) Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) PCTVVBI: System32\DRIVERS\pctvvbi.sys (manual start) Padus ASPI Shell: \??\C:\WINDOWS\System32\drivers\pfc.sys (manual start) PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart) WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start) Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start) Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\DRIVERS\PxHelp20.sys (system) Logitech QuickCam Pro USB(PID_D001): System32\DRIVERS\p35u.sys (manual start) Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start) Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start) Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) SAVRT: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS (manual start) SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart) ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (autostart) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start) Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system) Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system) SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) Symantec Network Drivers Service: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (manual start) Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system) System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SRV: System32\DRIVERS\srv.sys (manual start) SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart) Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E667FDF3-6749-41A9-93A4-1825E1008D94} (manual start) SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start) SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start) SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system) SymWMI Service: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (autostart) Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system) Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) WinFast TV2000 XP WDM TVTuner: system32\drivers\wf2ktunr.sys (autostart) WinFast TV2000 XP WDM Crossbar: system32\drivers\wf2kxbar.sys (autostart) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start) Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start) Stuurprogramma voor Microsoft USB Standaard-hub: System32\DRIVERS\usbhub.sys (manual start) Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start) Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start) Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start) Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start) Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system) vsdatant: System32\vsdatant.sys (system) TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start) Windows CE USB Serial Host Driver: System32\DRIVERS\wceusbsh.sys (manual start) Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) WinIK: System32\Drivers\WinIK.sys (system) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart) Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 42.902 bytes Report generated in 0,211 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Ik ga zo even kijken bij dat internetadres ivm commonname. Groetjes! Anneke

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.