Vraag & Antwoord
cuacaorn.exe
28 antwoorden
- Wij hebben op onze pc last van spyware, genaamd cuacaorn.exe. Spysweeper detecteert dit wel maar het kan niet verwijderd worden omdat het actief is. Met hijackthis verwijderen lukt ook niet. Opstarten in de veilige modus en dan proberen alles te verwijderen lukt ook niet. Zelfs het opstarten in DOS en dan op de "oude" manier del *.* (bij inhoud van de betreffende map) lukt ook niet.
Kan iemand me helpen? Ik word er helemaal gek van! :evil:
Hierbij onze log.
Logfile of HijackThis v1.99.1
Scan saved at 9:41:44, on 24/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\2003\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\gedownloade bestanden\Downloads Max\winrar\WinRAR.exe
C:\DOCUME~1\BRAAMB~1\LOCALS~1\Temp\Rar$EX00.467\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [aUVHVsox] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O4 - HKLM\..\Run: [bEVJTg1x] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O4 - HKLM\..\Run: [YYpHX1Ex] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O4 - HKLM\..\Run: [dE0HYgow] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Winipcfg - {A4E2ACEF-DB4E-4B3D-B89E-CD3BE33BDAB4} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8E149656-495B-11D7-9A65-00500454A644} - http://www.trademanager.org/webinstall/actual/installtm.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\2003\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Alvast bedankt voor de aandacht!
Anneke - je hebt last van deze
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
maar laat eerst de expers er beter naar kijken - Ga naar Configuratiescherm - Software - Programma?s wijzigen en verwijderen : deïnstalleer New.net Application en NewDotNet (Domains)
Staan deze er niet tussen, dan kijk je in de dan map c:\Progam Files\NewDotNet. Zoek een in die map naar een bestand uninstallX_XX.exe. De waarde van X (een cijfer) hangt af van de versie van New.net die geïnstalleerd is op de computer.
Vind je de uninstaller ook niet in de map c:\Progam Files\NewDotNet, dan kijk je in de map C:\Windows naar een bestand NDNuninstallX_XX.exe. (zelfde verhaal voor de X.)
Is deze ook niet aanwezig dan kan je deze uninstaller downloaden: http://www.new.net/support/uninstall6_38.exe
Plaats het bestand HijackThis.exe ook in een eigen map, bijvoorbeeld C:\HijackThis Dit in verband met de backups die HijackThis maakt en die gaan gemakkelijk verloren als je het programma vanuit de temp runt.
Herstart na het uitvoeren van de eerste tips je computer en plaats een nieuw log van HijackThis.
Scan het bestand [b:717200fee3]C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe[/b:717200fee3] ook eens met http://virusscan.jotti.org en meldt het resultaat van de scans in je volgende bericht (copy/paste)
Groeten smeenk :wink: - Beste mensen,
Ik heb New.net er af gekregen! Alleen is het cuacaorn.exe nog aanwezig op de pc! Hieronder de nieuwe log:
Logfile of HijackThis v1.98.0
Scan saved at 13:05:34, on 24/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\2003\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
E:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Winipcfg - {A4E2ACEF-DB4E-4B3D-B89E-CD3BE33BDAB4} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8E149656-495B-11D7-9A65-00500454A644} - http://www.trademanager.org/webinstall/actual/installtm.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll
Ook heb ik het bestand laten scannen op virusscan.jotti.org, hierbij de resultaten:
File: cUACAoRN.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 27672d34a8bcfb293d85194b726d1cba
Packers detected: -
Scanner results
AntiVir Found TR/Spy.Hailport.2
ArcaVir Found Adware.Commonname.G
Avast Found Win32:Adware-gen.
AVG Antivirus Found nothing
BitDefender Found Trojan.Commonname.B
ClamAV Found Adware.Comna-2
Dr.Web Found not a virus Adware.CommonName
F-Prot Antivirus Found nothing
Fortinet Found Adware/Commonname.I
Kaspersky Anti-Virus Found Trojan.Win32.CommonName.b
NOD32 Found Win32/Adware.CommonName application
Norman Virus Control Found W32/CommonName.I
UNA Found nothing
VBA32 Found AdWare.CommonName.i
Enig idee wat ik nu nog kan doen? Alvast bedankt!
Groetjes,
Anneke :o - Ga naar Configuratiescherm – Software en deïnstalleer het volgende programma:
[b:25d3e55755]Imesh[/b:25d3e55755]
Imesh zit bomvol spyware en het blijven gebruiken van dit programma zou wel eens de oorzaak kunnen zijn van het steeds opnieuw terugkomen van de spyware.
Download en installeer CCleaner.
Gebruik het programma nog niet.
Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden. Hoe verborgen bestanden en mappen weergeven..
Start de computer in veilige modus.
run HijackThis nog een keer, kies voor "Do a system csan only" en plaats een vinkje bij de volgende items:
[b:25d3e55755]O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMeshBHO.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O9 - Extra button: Winipcfg - {A4E2ACEF-DB4E-4B3D-B89E-CD3BE33BDAB4} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU)
O16 - DPF: {8E149656-495B-11D7-9A65-00500454A644} - http://www.trademanager.org/webinstall/actual/installtm.cab
O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll[/b:25d3e55755]
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.
Zoek met je verkenner de volgende mappen en bestanden eens op en verwijder deze(indien nog aanwezig)
C:\Program Files\[b:25d3e55755]qpsxvpqp[/b:25d3e55755]
C:\Program Files\[b:25d3e55755]iMeshBar[/b:25d3e55755]
C:\WINDOWS\system32\[b:25d3e55755]phpAPP20.dll[/b:25d3e55755]
C:\Program Files\[b:25d3e55755]iMeshBHO.dll[/b:25d3e55755]
[b:25d3e55755]Het gebruik van Ccleaner:[/b:25d3e55755]
Ccleaner verwijderd ook cookies. Cookies zijn meestal gewoon nutteloos,
soms zelfs kwaadaardig, maar er zijn er ook enkele die nodig zijn voor het inloggen op bepaalde websites.
Ccleaner biedt je de mogelijkheid om in te stellen welke cookies je behouden wilt.
Kijk hiervoor bij "Opties"en dan Cookies, selecteer de cookies die je behouden wilt en plaats die in de "Te behouden cookies" ruimte.
Klik daarna op de knop "Opschonen".
Herstel daarna je webinstellingen: Ga naar Configuratiescherm –> Internetopties –> tabblad Programma's.
Klik op de "Webinstellingen herstellen".
Start de PC in normale modus. Start HijackThis opnieuw, maak een nieuwe log en post deze.
vr.gr.smeenk :wink: - Bedankt voor je uitgebreide handleiding! Ik heb alles gedaan wat je hebt opgeschreven alleen kan ik (ook niet in de veilige modus) het mapje en bestandje cuacaorn.exe niet verwijderen! Imesh is inmiddels volledig verwijderd.
Hierbij de nieuwe log:
Logfile of HijackThis v1.98.0
Scan saved at 14:46:31, on 24/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\2003\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [dkVHXoEw] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll
Ik hoop dat je nog iets ziet wat ik kan doen. Alvast heel erg bedankt!
Groetjes,
Anneke - Probeer het eens met killbox.
http://www.bleepingcomputer.com/files/killbox.php - Helaas, ook met killbox is het niet te verwijderen, ook niet in de veilige modus
- Je gebruikt nu ineens een oudere versie van HijackThis, vervang deze eens met de nieuwste versie en plaats dan een nieuw log van HijackThis.
Download Pocket KillBox.
Unzip het programma naar je bureaublad.
Klik op killbox.exe.
Selecteer de optie “Delete on reboot”.
In het veld “Full path of file to delete" Kopieer en plak je het volgende:
[code:1:0af53c333e]C:\Program Files\qpsxvpqp\cUACAoRN.exe
C:\Program Files\qpsxvpqp\NRoACAUc.exe [/code:1:0af53c333e]
Klik op de knop met de rode cirkel en het witte kruis.
Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. Klik op de knop "YES".
Als deze niet wil rebooten herstart dan zelf je computer.
Je gebruikt nu ineens een oudere versie van HijackThis, vervang deze eens met de nieuwste versie en plaats dan een nieuw log van HijackThis.
Groeten smeenk - Ja lekker dom he? Hierbij alsnog de juiste log:
Logfile of HijackThis v1.99.1
Scan saved at 18:16:50, on 24/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\2003\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
E:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [bYVHVAUx] C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {0D5AAD20-C9EF-11D4-B5D3-00C04F163665} (CBSBiB.iPCRClickMap) - http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} (SwitchPointLite Starter Class) - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
O18 - Protocol: php20 - {C014AC08-284F-4E88-B14F-21141A74F00D} - C:\WINDOWS\system32\phpAPP20.dll (file missing)
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\2003\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe - Je zou ook eens naar de rechten van het bestand kunnen kijken. Een enkele keer worden die ook wel naar readonly oid. veranderd. Gebeurt ook wel eens met services, en rechten in de registry. Dan de rechten zo ruim mogelijk instellen, proces afbreken in taakbeheer (of met APM), en vervolgens verwijderen, al dan niet met killbox.
http://www.diamondcs.com.au/index.php?page=apm - Gerben heeft gelijk, daarbij wil ik dus aanvullen dat het hier dus om 2 processen gaat die je beide moet beeindigen alvorens deze te verwijderen.
[quote:1f611d7b2a]C:\Program Files\qpsxvpqp\cUACAoRN.exe
C:\Program Files\qpsxvpqp\NRoACAUc.exe[/quote:1f611d7b2a]
Groeten smeenk - Probeer het volgende ook eens: Configuratiescherm -> Software -> Kijk of het volgende er staat, selecteer deze en kies voor verwijderen.
[b:d4e364cc1a]CommonName[/b:d4e364cc1a]
Groeten smeenk :wink: - Beste Gerben en Smeenk,
Ik heb alles gedaan wat jullie hebben opgeschreven maar ik krijg die processen niet beeindigd! Ook niet met het programma APM. Hij beeindigd de 2 toepassingen wel maar daarna zie je dat de toepassingen meteen weer opstarten! Ik ben bang dat ik er nooit meer vanaf kom. Hebben jullie nog een tip?? - Deze al geprobeerd:
Probeer het volgende ook eens: Configuratiescherm -> Software -> Kijk of het volgende er staat, selecteer deze en kies voor verwijderen.
[b:d1469eb96e]CommonName[/b:d1469eb96e]
Groeten smeenk :wink: - Kun je de bestanden ook hernoemen? Als ie ze dan weer opnieuw probeert op te starten, zal dat niet lukken, omdat ie ze niet kan vinden.
- Mocht dit ook niet werken.
Ik heb zelf het idee, dat deze bestanden iedere keer terug worden geplaatst.
We kunnen best eerst even kijken waar ze naar verwijzen in het register.
Download de Registry Search Tool hier. Unzip en run het script. Krijg je een reactie van je antivirusprogramma dan moet je Script blocking uitschakelen in het anti-virusprogramma. In het Zoekveld geef je het volgende in:
[b:3748737fe8]cUACAoRN.exe[/b:3748737fe8]
Post het resultaat.
Doe hetzelfde voor [b:3748737fe8]NRoACAUc.exe[/b:3748737fe8]
Groeten smeenk :wink: - Beste Gerben en Smeenk,
Ik heb geen CommonName gveonden in software. Ook heb ik geprobeerd de bestanden (ze staan inderdaad op read only) te wijzigen door het vinkje weg te halen. Dat lukt niet, ik krijg een foutmelding. Ook het wijzigen van de bestandsnamen lukt niet. Het is heel irritant!
Ik heb het register laten doorzoeken op cUACAoRN.exe. Eerst vond het programma niks, daarna heb ik gezocht op cuacaorn. Toen vond hij 670 items! Ook heb ik gezocht op bYVHVAUx, want dat is waas Spysweeper naar verwijst, en dit heeft ook weer te maken met cuacaorn. Op NRoACAUc.exe is niets gevonden.
Resultaten cUACAoRN:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "cUACAoRN" 25/08/2005 15:40:58
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GTgUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GTgUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GU11v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aA0GU11v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aApGYs1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aApGYs1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVGYo1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVGYo1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVJQAow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aAVJQAow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFGV91w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFGV91w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFHQcUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aEFHQcUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGQsUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGQsUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGYo1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agFGYo1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXAUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXAUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXw1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agpGXw1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agVHZ91v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agVHZ91v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\akFJTA1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\akFJTA1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0GY91w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0GY91w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0HWgUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aM0HWgUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aMFHQgUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aMFHQgUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aQFGZ9Ux]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aQFGZ9Ux]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aU0HT9Ex]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aU0HT9Ex]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUFJSwUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUFJSwUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpGTkow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpGTkow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpHWoEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aUpHWoEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GT11x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GT11x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GYs1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aw0GYs1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFGSs1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFGSs1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFHWcow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awFHWcow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awpGScow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\awpGScow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYFHTgov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYFHTgov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYpGU51v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYpGU51v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVGSsox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVGSsox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVHZoUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVHZoUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFGV9Ex]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFGV9Ex]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFHX91v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bAFHX91v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApGVo1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApGVo1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApHUwUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bApHUwUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bE0GV1Ux]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bE0GV1Ux]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEFJY9Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEFJY9Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEpGTw1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEpGTw1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEVJUsEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bEVJUsEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIFJY5ow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIFJY5ow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGYgov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGYgov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGZcEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bIVGZcEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bkFJSoEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bkFJSoEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bM0HTgow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bM0HTgow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMFGQgEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMFGQgEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpGZg1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpGZg1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpHQwEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMpHQwEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMVGQoEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bMVGQoEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQ0HYw1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQ0HYw1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpGZk1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpGZk1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpHV1ox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQpHV1ox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVHRoov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVHRoov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJUw1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJUw1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJWkox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJWkox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJXgUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bQVJXgUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bU0HS1Uw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bU0HS1Uw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUFGQAow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUFGQAow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUpHYAox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUpHYAox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUVGR11v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bUVGR11v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bw0HZkox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bw0HZkox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bwFJXAEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bwFJXAEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bY0HVkUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bY0HVkUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYpHYsow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYpHYsow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYVHVAUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bYVHVAUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cApHQgUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cApHQgUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHR11w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHR11w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHXc1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHXc1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHY1ow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAVHY1ow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEFGZcox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEFGZcox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGU91w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGU91w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGZwUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cEVGZwUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cg0GVsox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cg0GVsox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgFJUo1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgFJUo1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgpGTgUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cgpGTgUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIFJVAUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIFJVAUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIpGU1ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIpGU1ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIVJRw1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cIVJRw1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cM0GQgox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cM0GQgox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cMVGTw1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cMVGTw1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQ0HZ5Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQ0HZ5Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQFJXwox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQFJXwox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJSAox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJSAox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJVkox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cQVJVkox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cU0HYkox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cU0HYkox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cUVJVwov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cUVJVwov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFHR51w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFHR51w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFJQ51x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cYFJQ51x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dAFGRsUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dAFGRsUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dEVHQ51v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dEVHQ51v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgFHRcov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgFHRcov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgVHZg1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dgVHZg1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dI0GWgEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dI0GWgEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFGVg1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFGVg1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFHY11v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIFHY11v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVHW5Uw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVHW5Uw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVJSw1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dIVJSw1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dkpHU5Uw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dkpHU5Uw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dM0HX51w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dM0HX51w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dMFHUcEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dMFHUcEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGToUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGToUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGV5ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dQVGV5ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUFGV1Ex]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUFGV1Ex]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUpGQwUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUpGQwUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwFHUw1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwFHUw1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwVJXwov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dwVJXwov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dY0GZAUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dY0GZAUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dYFGXgUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dYFGXgUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eEVJR5Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eEVJR5Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGRoEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGRoEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU5ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU5ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU91x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGU91x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGWo1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egpGWo1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egVGY1Ex]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egVGY1Ex]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eI0GW51v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eI0GW51v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ek0GWg1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ek0GWg1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekFGVsUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekFGVsUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekpGYoEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ekpGYoEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GToUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GToUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GZo1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0GZo1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0HV51x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM0HV51x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUFJRgEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUFJRgEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUpHVkEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eUpHVkEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GQcEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GQcEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GTAow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GTAow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GZo1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eY0GZo1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYFGR91x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYFGR91x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYpGUAEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYpGUAEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGRo1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGRo1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGTsEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVGTsEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVHV9ow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVHV9ow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVJYgEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eYVJYgEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GWsox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GWsox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GZwEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fA0GZwEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fAFHQsov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fAFHQsov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fE0HVg1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fE0HVg1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fEFJT91w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fEFJT91w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgFGQ51w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgFGQ51w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgpHVAEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fgpHVAEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fI0GRoEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fI0GRoEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fIFJTsox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fIFJTsox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkpHToEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkpHToEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkVGSkEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fkVGSkEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWcEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWcEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWoEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GWoEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GZoEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fM0GZoEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQ0GSs1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQ0GSs1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQFHZsUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQFHZsUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQpGQwEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fQpGQwEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUFHVwUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUFHVwUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUpGZ91w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fUpGZ91w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwpHYo1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwpHYo1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwVGS51x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fwVGS51x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYFHWsEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYFHWsEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYpGVoov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYpGVoov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVHT5Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVHT5Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVJYoEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fYVJYoEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QApGR5ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QApGR5ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QE0GY9ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QE0GY9ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEFHSsow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEFHSsow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEpGXkEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QEpGXkEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qg0GQsow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qg0GQsow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QgpHU1Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QgpHU1Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QIpGRw1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QIpGRw1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qk0HY9Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qk0HY9Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkFGTw1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkFGTw1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkVGZ9ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QkVGZ9ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GSgEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GSgEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GY9Ux]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0GY9Ux]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0HXgov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QM0HXgov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMpGWgUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMpGWgUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMVHQgov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QMVHQgov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QUpGZsox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QUpGZsox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qw0HX9Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qw0HX9Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QwFGVcEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QwFGVcEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYFJWsov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYFJWsov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVGSgEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVGSgEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVJScEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QYVJScEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAFGQo1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAFGQo1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVGXg1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVGXg1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVJTs1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RAVJTs1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RE0GXAEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RE0GXAEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REFGSk1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REFGSk1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFHYc1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFHYc1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFJS1ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgFJS1ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgVGUk1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RgVGUk1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RI0GUsox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RI0GUsox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFGR5Ex]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFGR5Ex]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFHSwUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RkFHSwUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJTAUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJTAUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJY9Uw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMFJY9Uw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMpGYcEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMpGYcEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVGUo1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVGUo1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVHT5ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RMVHT5ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GVcEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GVcEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GZsUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQ0GZsUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQpGW1ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQpGW1ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQVGZ9Uw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RQVGZ9Uw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RU0HW9Ex]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RU0HW9Ex]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUFJT51x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUFJT51x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUVGTcEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RUVGTcEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RY0HT5Ex]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RY0HT5Ex]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RYFGTcox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RYFGTcox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HSsox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HSsox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HXs1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YA0HXs1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YAVHWs1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YAVHWs1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YE0GTcUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YE0GTcUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yg0HWoow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YgVJUsEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YgVJUsEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YIVHWkow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YIVHWkow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yk0HXAUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yk0HXAUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVGXsUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVGXsUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHQkox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHQkox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHXkUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YkVHXkUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMpHRcow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMpHRcow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVGVsUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVGVsUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVHV51w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMVHV51w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGV11x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGV11x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGW1ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQpGW1ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQVHU5Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YQVHU5Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0GRwEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0GRwEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HTk1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HTk1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HX1ow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HX1ow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HZ1ox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YU0HZ1ox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUFHTAox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUFHTAox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGQgUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGQgUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGV5ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUpGV5ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUVGSA1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YUVGSA1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YwFGW9ov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YwFGW9ov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0GZcov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0GZcov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0HYwox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YY0HYwox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYFJZAox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYFJZAox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYpGRgEx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YYpGRgEx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZA0GSo1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZA0GSo1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZE0GX9Ux]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZE0GX9Ux]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEpHXA1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEpHXA1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEVHW1Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZEVHW1Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zg0GSsUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zg0GSsUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFGWgox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFGWgox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFJWsov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgFJWsov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgVJSoUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZgVJSoUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZI0GRsEw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZI0GRsEw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIFJR9Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIFJR9Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVHSwov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVHSwov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVJU91x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZIVJU91x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zk0GXsUw]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zk0GXsUw]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVHQcov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVHQcov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVJYkox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZkVJYkox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZM0HVgox]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZM0HVgox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZMpGWcUx]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZMpGWcUx]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ1ow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ1ow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ5ow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQ0HQ5ow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQVHQg1v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQVHQg1v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUpHZ91w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUpHZ91w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUVHT9ow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZUVHT9ow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwFGTw1x]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwFGTw1x]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHS9Ew]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHS9Ew]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHV91v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZwpHV91v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0GU91v]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0GU91v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0HYgov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZY0HYgov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHQsow]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHQsow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHXAov]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYFHXAov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYpGUg1w]
"item"="cUACAoRN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZYpGUg1w]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bYVHVAUx"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"="cUACAoRN"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFHS9ow]
"path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFHS9ow]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFJXwov]
"path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aAFJXwov]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEFHZ5Ux]
"path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEFHZ5Ux]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEVJYAox]
"path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_aEVJYAox]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_akVGT51v]
"path"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Software\Webroot\SpySweeper\Startup\2_akVGT51v]
"command"="C:\\PROGRA~1\\qpsxvpqp\\cUACAoRN.exe"
[HKEY_USERS\S-1-5-21-515967899-839522115-1343024091-1004\Soft - Hallo, Anneke
Ik kom er nog niet uit, ik krijg op dit moment wel fantastische hulp op de achtergrond.
Ik denk dat we nog meer informatie moeten hebben:
Download Winpfind.zip en installeer het in op het bureaublad
Start de computer op in VEILIGE mode. Open [b:c6a964dbd4]WinPFind[/b:c6a964dbd4] en dubbel-klik op [b:c6a964dbd4]WinPFind.exe[/b:c6a964dbd4]. Wanneer het progamma is gestart klik op de Start Scan button. Dit scannen kan even duren. Wanneer de scan klaar is wordt een log gemaakt.
Herstart de computer in normale mode en post de inhoud van WinPFind.txt.
Maak een startuplist met behulp van HijackThis
Open Misc Tools en zet een vinkje bij de 2 items rechts van "Generate a startuplist log"
daarna de startuplist log genereren en ook in een bericht posten.
Het is inderdaad een taaie rakker :wink:
Als het commonname is zou je hier wat aan kunnen hebben: http://is.asu.edu/instruction/myasu/tutorials/commonname.html
Groeten smeenk - Hoi Smeenk,
Geweldig dat jullie me zo helpen, echt té gek hoor!
Ik heb heb alles gedaan alleen is het niet volledig gelukt. Ik kreeg een fotmelding tijdens het scannen bij WinPFind. De melding was : invalid data type for "flag". Vervolgens bleef de zandlopen lopen en heb ik het moeten afbreken. Er is wel een log (maar ik denk niet volledig):
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding…" you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder…
Checking %ProgramFilesDir% folder…
Checking %WinDir% folder…
PECompact2 11/04/2005 20:39:38 14563177 C:\WINDOWS\LPT$VPN.556
qoologic 11/04/2005 20:39:38 14563177 C:\WINDOWS\LPT$VPN.556
SAHAgent 11/04/2005 20:39:38 14563177 C:\WINDOWS\LPT$VPN.556
UPX! 11/04/2005 20:39:40 170053 C:\WINDOWS\tsc.exe
PECompact2 11/04/2005 20:39:38 14563177 C:\WINDOWS\VPTNFILE.556
qoologic 11/04/2005 20:39:38 14563177 C:\WINDOWS\VPTNFILE.556
SAHAgent 11/04/2005 20:39:38 14563177 C:\WINDOWS\VPTNFILE.556
UPX! 11/04/2005 20:39:40 1044560 C:\WINDOWS\vsapi32.dll
aspack 11/04/2005 20:39:40 1044560 C:\WINDOWS\vsapi32.dll
Checking %System% folder…
UPX! 22/06/2003 14:40:40 71168 C:\WINDOWS\SYSTEM32\Agent.dll
UPX! 31/05/2004 8:02:04 220672 C:\WINDOWS\SYSTEM32\B4FM.dll
UPX! 14/05/2003 6:51:12 22016 C:\WINDOWS\SYSTEM32\ctbv2.dll
PEC2 07/09/2001 14:00:00 41122 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 13/05/2003 6:34:54 131072 C:\WINDOWS\SYSTEM32\ezStubi.dll
PTech 15/11/2003 13:41:52 H 2504815 C:\WINDOWS\SYSTEM32\kyf.dat
PECompact2 05/08/2005 3:31:54 1455960 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05/08/2005 3:31:54 1455960 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 15/06/2003 9:08:04 97280 C:\WINDOWS\SYSTEM32\msbb1.dll
UPX! 20/06/2003 17:49:06 30720 C:\WINDOWS\SYSTEM32\netpals.dll
UPX! 03/04/2003 18:26:10 88064 C:\WINDOWS\SYSTEM32\NLNP13.dll
UPX! 14/08/2003 15:29:28 113664 C:\WINDOWS\SYSTEM32\nostalgia.dll
aspack 04/08/2004 10:03:00 729088 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04/08/2004 10:03:20 676864 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 31/08/2003 11:26:38 71168 C:\WINDOWS\SYSTEM32\SHAgent.dll
UPX! 18/08/2003 8:47:38 71168 C:\WINDOWS\SYSTEM32\SHAgentNew.dll
winsync 07/09/2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 19/09/2003 8:59:32 226304 C:\WINDOWS\SYSTEM32\Xcite.dll
Checking %System%\Drivers folder and sub-folders…
PTech 04/08/2004 7:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days…
26/08/2005 8:16:30 S 2048 C:\WINDOWS\bootstat.dat
25/08/2005 12:27:34 HS 35840 C:\WINDOWS\Thumbs.db
01/07/2005 14:56:16 H 0 C:\WINDOWS\inf\oem42.inf
24/08/2005 14:35:32 HS 20480 C:\WINDOWS\system32\Thumbs.db
26/08/2005 8:05:14 H 1007 C:\WINDOWS\system32\vsconfig.xml
08/07/2005 16:23:14 S 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
30/06/2005 9:06:28 S 11437 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
19/07/2005 20:48:48 S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
30/06/2005 13:42:14 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
30/06/2005 14:21:06 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
30/06/2005 8:46:12 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
28/06/2005 19:12:50 S 11845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
02/07/2005 10:18:12 S 9445 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
26/08/2005 8:16:20 H 8192 C:\WINDOWS\system32\config\default.LOG
26/08/2005 8:16:50 H 1024 C:\WINDOWS\system32\config\SAM.LOG
26/08/2005 8:16:32 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
26/08/2005 8:17:34 H 65536 C:\WINDOWS\system32\config\software.LOG
26/08/2005 8:16:40 H 1458176 C:\WINDOWS\system32\config\system.LOG
13/08/2005 23:20:34 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
07/08/2005 13:50:14 S 7652 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
07/08/2005 13:50:14 S 134 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
31/07/2005 9:45:46 HS 6144 C:\WINDOWS\system32\iMesh_Cache\Thumbs.db
20/07/2005 15:49:40 H 16826 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_QI021E.GID
31/07/2005 9:45:46 HS 6144 C:\WINDOWS\system32\WinFox\Thumbs.db
26/08/2005 8:14:26 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files…
Microsoft Corporation 04/08/2004 10:03:36 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04/08/2004 10:03:36 554496 C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd. 28/05/2001 14:47:00 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
11/05/2001 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 04/08/2004 10:03:36 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Creative Technology Ltd. 30/03/2001 3:00:00 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Microsoft Corporation 04/08/2004 10:03:36 137728 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04/08/2004 10:03:36 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04/08/2004 10:03:36 156672 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04/08/2004 10:03:36 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04/08/2004 10:03:36 132608 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04/08/2004 10:03:36 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04/08/2004 10:03:36 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 22/02/2004 23:44:42 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 07/09/2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
AvantGo, Inc. 22/02/2003 0:58:26 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL
Microsoft Corporation 04/08/2004 10:03:36 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
02/03/1998 11:24:38 41984 C:\WINDOWS\SYSTEM32\mtrcfg.cpl
Microsoft Corporation 07/09/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04/08/2004 10:03:36 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04/08/2004 10:03:36 260608 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 06/10/2003 15:16:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 04/08/2004 10:03:36 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 02/10/2002 13:01:34 45171 C:\WINDOWS\SYSTEM32\plugincpl131_06.cpl
Microsoft Corporation 04/08/2004 10:03:36 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
19/11/1999 14:54:12 155648 C:\WINDOWS\SYSTEM32\PPPoEService.cpl
Apple Computer, Inc. 30/09/2004 16:24:08 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 04/08/2004 10:03:38 302592 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 07/09/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04/08/2004 10:03:38 94720 C:\WINDOWS\SYSTEM32\timedate.cpl
24/10/1998 14:01:00 R 53248 C:\WINDOWS\SYSTEM32\VSVART.cpl
Microsoft Corporation 04/08/2004 10:03:38 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 27/09/2002 14:47:26 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 26/05/2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 04/08/2004 10:03:36 359936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 07/09/2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 07/09/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 07/09/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26/05/2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder…
02/10/2002 9:56:20 HS 84 C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder…
01/08/2002 16:30:00 HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder…
Checking files in %USERPROFILE%\Application Data folder…
17/04/2005 18:35:56 1210 C:\Documents and Settings\Braambosch\Mijn documenten\Application Data\AdobeDLM.log
01/08/2002 16:30:00 HS 62 C:\Documents and Settings\Braambosch\Mijn documenten\Application Data\desktop.ini
17/04/2005 18:35:56 0 C:\Documents and Settings\Braambosch\Mijn documenten\Application Data\dm.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
Cable Wanadoo = IEAKCable Wanadoo
ESB{724A5BE0-ACF6-46F3-A275-C1039B8DD43E} =
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = E:\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\gedownloade bestanden\Downloads Max\winrar\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = E:\Ws-FTP Prof\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\gedownloade bestanden\Downloads Max\winrar\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = E:\Ws-FTP Prof\wsftpsi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\gedownloade bestanden\Downloads Max\winrar\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip van de dag = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText = Toevoegen aan Mobiele favorieten :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText = Toevoegen aan Mobiele favorieten… : C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Onderzoek :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\2003\NavShExt.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{1C78AB3F-A857-482E-80C0-3A1E5238A565} = :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{E6AE90A4-1B01-47F0-AA78-E6B122E145E9} = :
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Toolbar : C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HTpatch C:\WINDOWS\htpatch.exe
UpdReg C:\WINDOWS\UpdReg.EXE
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
bYVHVAUx C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
Hierbij de log van Hijackthis:
StartupList report, 26/08/2005, 9:00:14
StartupList version: 1.52.2
Started from : E:\Hijack\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\qpsxvpqp\cUACAoRN.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\qpsxvpqp\NRoACAUc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\2003\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Hijack\HijackThis.exe
————————————————–
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Bean\Programma's\Opstarten]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
————————————————–
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
————————————————–
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No values found*
————————————————–
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
————————————————–
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
————————————————–
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
————————————————–
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
————————————————–
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
————————————————–
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
————————————————–
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
————————————————–
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
————————————————–
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
————————————————–
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
————————————————–
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
————————————————–
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
————————————————–
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
————————————————–
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
————————————————–
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
————————————————–
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
————————————————–
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
————————————————–
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
————————————————–
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
————————————————–
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
————————————————–
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
————————————————–
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
————————————————–
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
————————————————–
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
————————————————–
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
————————————————–
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
————————————————–
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
————————————————–
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /s
————————————————–
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
————————————————–
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
————————————————–
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP
E /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
————————————————–
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
————————————————–
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
————————————————–
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
————————————————–
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
————————————————–
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
————————————————–
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Register-editor'
Registry check passed
————————————————–
Enumerating Browser Helper Objects:
(no name) - E:\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - E:\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
NAV Helper - C:\Program Files\Norton AntiVirus\2003\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
————————————————–
Enumerating Task Scheduler jobs:
Norton AntiVirus - Mijn computer scannen.job
Symantec NetDetect.job
{39C56FD3-AF37-478D-B788-250E4099C5B5}_C3649579_Braambosch.job
————————————————–
Enumerating Download Program Files:
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[CryptoRSA Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[CBSBiB.iPCRClickMap]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\klikkaart.ocx
CODEBASE = http://www.cbs.nl/nl/cijfers/buurt-in-beeld/klikkaart.CAB
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1076452679607
[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab
[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab
[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab
[{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097645052471
[HouseCall Besturing]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
[AvxScanOnline Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab
[Java Plug-in 1.4.2_04]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
CODEBASE = http://java.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
[InstallShield International Setup Player]
InProcServer32 = c:\windows\DOWNLO~1\isetup.dll
CODEBASE = http://www.installengine.com/engine/isetup.cab
[Installation Helper Object]
InProcServer32 = C:\WINDOWS\DOWNLO~1\instwact.dll
CODEBASE = http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
[Anonymizer Anti-Spyware Scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebAAS.dll
CODEBASE = http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.3905092593
[IEAnimBehaviorFactory Class]
InProcServer32 = C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL
CODEBASE = http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
[GDIChk Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GDIChk.dll
CODEBASE = http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
[ING Bank Autorisatiescherm]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AXDigiSign.dll
CODEBASE = http://secure.ingbank.nl/download/DigiSign.cab
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/msnmessengersetupdownloader.cab
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
[Virtools WebPlayer Class]
InProcServer32 = C:\Program Files\Virtools Web Player 2.5\WebPlayer.ocx
CODEBASE = http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
[Java Plug-in 1.3.1_06]
InProcServer32 = e:\Program Files\JavaSoft\JRE\1.3.1_06\bin\npjava131_06.dll
CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_06-win.cab
[Java Plug-in 1.4.2_04]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[PBGNX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PBGNX.ocx
CODEBASE = https://www.p3.postbank.nl/GTO/PBGNX.cab
[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://www.popcap.com/games/popcaploader_v6.cab
[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab
[SwitchPointLite Starter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Starter.dll
CODEBASE = http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
————————————————–
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll
Protocol #32: C:\WINDOWS\system32\mswsock.dll
Protocol #33: C:\WINDOWS\system32\mswsock.dll
Protocol #34: C:\WINDOWS\system32\mswsock.dll
————————————————–
Enumerating Windows NT/2000/XP services
Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
AdobeVersionCue: E:\Adobe\Adobe Version Cue\service\VersionCue.exe (manual start)
Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-clientprotocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET-statusservice: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MAC-brug: System32\DRIVERS\bridge.sys (manual start)
MAC-brugminipoort: System32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WinFast TV2000 XP WDM Video Capture: system32\drivers\wf2kvcap.sys (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
Indexing-service: C:\WINDOWS\System32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.EXE (autostart)
Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative AC3 Software Decoder: System32\drivers\ctac32k.sys (manual start)
Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
Creative SB Live!-spelpoort: System32\DRIVERS\ctljystk.sys (manual start)
Creative Proxy Driver: System32\drivers\ctprxy2k.sys (manual start)
Creative SoundFont Management Device Driver: System32\drivers\ctsfm2k.sys (manual start)
Dual-Mode DSC(2770): System32\Drivers\SQcaptur.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
Pinnacle PCTV Deluxe USB (PAL) Device: System32\DRIVERS\DunePal.sys (manual start)
E-mu Plug-in Architecture Driver: System32\drivers\emupia2k.sys (manual start)
Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
Stuurprogramma voor diskettestation: System32\Drivers\Sdfloppy.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
Spelpoort-enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)
HCF_MSFT: System32\DRIVERS\HCF_MSFT.sys (manual start)
Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
InCDPass: System32\DRIVERS\InCDPass.sys (system)
InCD Helper: C:\Program Files\Ahead\InCD\InCDsrv.exe (autostart)
Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (disabled)
IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
iTouch Keyboard Filter: System32\DRIVERS\itchfltr.sys (manual start)
Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
Stuurprogramma voor toetsenbord-HID: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042pr2.Sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logitech USB Filter Driver: System32\Drivers\LCcFltr.Sys (manual start)
Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.Sys (manual start)
Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start)
mchInjDrv: \??\C:\DOCUME~1\BRAAMB~1\LOCALS~1\Temp\mc21.tmp (disabled)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (disabled)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start)
WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART-stuurprogramma: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto-Protect: "C:\Program Files\Norton AntiVirus\2003\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NavEx15.Sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-stuurprogramma: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nVidia WDM Video Capture (universal): System32\DRIVERS\nvcap.sys (autostart)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
nVidia WDM TVTuner: System32\DRIVERS\nvtunep.sys (autostart)
nVidia WDM TVAudio Crossbar: System32\DRIVERS\nvtvsnd.sys (autostart)
nVidia WDM A/V Crossbar: System32\DRIVERS\NVxbar.sys (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
NWLink IPX/SPX/NetBIOS-compatibel transportprotocol: System32\DRIVERS\nwlnkipx.sys (autostart)
NWLink NetBIOS: System32\DRIVERS\nwlnknb.sys (autostart)
NWLink SPX/SPXII-protocol: System32\DRIVERS\nwlnkspx.sys (autostart)
SAP Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (disabled)
Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
PCTVVBI: System32\DRIVERS\pctvvbi.sys (manual start)
Padus ASPI Shell: \??\C:\WINDOWS\System32\drivers\pfc.sys (manual start)
PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Logitech QuickCam Pro USB(PID_D001): System32\DRIVERS\p35u.sys (manual start)
Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (manual start)
Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SRV: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)
Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E667FDF3-6749-41A9-93A4-1825E1008D94} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
SymWMI Service: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (autostart)
Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
WinFast TV2000 XP WDM TVTuner: system32\drivers\wf2ktunr.sys (autostart)
WinFast TV2000 XP WDM Crossbar: system32\drivers\wf2kxbar.sys (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Stuurprogramma voor Microsoft USB Standaard-hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start)
Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
Windows CE USB Serial Host Driver: System32\DRIVERS\wceusbsh.sys (manual start)
Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
WinIK: System32\Drivers\WinIK.sys (system)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
————————————————–
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
————————————————–
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
————————————————–
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
————————————————–
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
————————————————–
End of report, 42.902 bytes
Report generated in 0,211 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Ik ga zo even kijken bij dat internetadres ivm commonname.
Groetjes!
Anneke
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.