
PC runs very slowly


  • PC runs very slowly

    Norton 360 on my PC keeps getting shut down, I think by spyware.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:49:17, on 11-1-2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\WGP\wgp.exe
    C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe
    C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\dd.exe
    C:\WINDOWS\System32\calc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Documents and Settings\Niels\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    O1 - Hosts: 124.238.254.113 www.10280011.com
    O1 - Hosts: 124.238.254.113 10280011.com
    O1 - Hosts: 124.238.254.113 www.10289900.com
    O1 - Hosts: 124.238.254.113 10289900.com
    O1 - Hosts: 124.238.254.113 www.78877788.com
    O1 - Hosts: 124.238.254.113 78877788.com
    O1 - Hosts: 124.238.254.113 www.11051122.com
    O1 - Hosts: 124.238.254.113 11051122.com
    O1 - Hosts: 124.238.254.113 1.ehai01.com
    O1 - Hosts: 124.238.254.113 da.ehai01.com
    O1 - Hosts: 124.238.254.113 ehai01.com
    O1 - Hosts: 124.238.254.113 2008.sekart.cn
    O1 - Hosts: 124.238.254.113 www.sekart.cn
    O1 - Hosts: 124.238.254.113 sekart.cn
    O1 - Hosts: 124.238.254.113 www.11309988.com
    O1 - Hosts: 124.238.254.113 www.12100088.com
    O1 - Hosts: 124.238.254.113 www.12108899.com
    O1 - Hosts: 124.238.254.113 d2.llsging.com
    O1 - Hosts: 124.238.254.113 llsging.com
    O1 - Hosts: 124.238.254.113 dd.749571.com
    O1 - Hosts: 124.238.254.113 749571.com
    O1 - Hosts: 124.238.254.113 pr.749571.com
    O1 - Hosts: 124.238.254.113 txwm1204.com
    O1 - Hosts: 124.238.254.113 www.txwm1204.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [WinGuard Pro] C:\Program Files\WGP\wgp.exe
    O4 - HKLM\..\Run: [TBMonEx] C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe
    O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\rbnljq.exe
    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
    O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\utfonm.exe
    O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
    O4 - HKLM\..\Run: [kermer] C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\dd.exe
    O4 - HKLM\..\Run: [kkaddmin] C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\fbd.exe
    O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
    O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
    O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8978 bytes

  • #2
    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.


    • #3
      ComboFix 08-01-16.4 - Niels 2008-01-16 18:50:37.4 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.490 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Niels\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\cmdbcs.exe
      C:\WINDOWS\LotusHlp.exe
      C:\WINDOWS\msprint32d.exe
      C:\WINDOWS\NVDispDrv.exe
      C:\WINDOWS\PTSShell.exe
      C:\WINDOWS\system32\3427311785.dll
      C:\WINDOWS\system32\LotusHlp.dll
      C:\WINDOWS\system32\nvdispdrv.dll
      C:\WINDOWS\system32\PTSShell.dll
      C:\WINDOWS\system32\WSockDrv32.dll
      C:\WINDOWS\WSockDrv32.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_NPF


      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))
      .

      2008-01-15 20:19 . 2008-01-07 17:54 18,372 --a------ C:\WINDOWS\rcvwfq.exe
      2008-01-13 07:53 . 2008-01-07 17:54 17,421 --a------ C:\WINDOWS\otloyk.exe
      2008-01-13 07:53 . 2008-01-06 18:31 16,177 --a------ C:\WINDOWS\dfizuz.exe
      2008-01-13 01:35 . 2008-01-07 17:54 18,372 --a------ C:\WINDOWS\kdrgsw.exe
      2008-01-12 05:32 . 2008-01-12 05:32 <DIR> d-------- C:\WINDOWS\LogFiles
      2008-01-09 21:13 . 2008-01-12 00:04 <DIR> d-------- C:\Documents and Settings\Niels\Application Data\skypePM
      2008-01-09 21:13 . 2008-01-09 21:13 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Program Files\Skype
      2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Program Files\Common Files\Skype
      2008-01-09 21:10 . 2008-01-13 02:35 <DIR> d-------- C:\Documents and Settings\Niels\Application Data\Skype
      2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
      2008-01-07 17:39 . 2008-01-07 17:40 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
      2008-01-07 17:39 . 2008-01-07 17:40 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
      2008-01-07 17:39 . 2008-01-07 17:40 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
      2008-01-07 17:39 . 2008-01-07 17:40 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
      2008-01-07 17:23 . 2008-01-06 18:31 16,177 --a------ C:\WINDOWS\ccdtan.exe
      2008-01-07 06:56 . 2008-01-06 18:30 18,372 --a------ C:\WINDOWS\kzwfez.exe
      2008-01-07 06:55 . 2008-01-06 18:30 17,421 --a------ C:\WINDOWS\slyoxn.exe
      2008-01-07 06:55 . 2008-01-06 18:31 16,177 --a------ C:\WINDOWS\pfkmhw.exe
      2008-01-06 10:00 . 2008-01-05 20:38 17,421 --a------ C:\WINDOWS\rfoxcy.exe
      2008-01-06 09:59 . 2008-01-05 20:41 16,177 --a------ C:\WINDOWS\uknudk.exe
      2008-01-06 09:25 . 2008-01-05 20:41 16,177 --a------ C:\WINDOWS\kvgzws.exe
      2008-01-05 23:43 . 2008-01-05 20:41 16,177 --a------ C:\WINDOWS\ngsgzp.exe
      2008-01-05 20:36 . 2002-09-09 13:08 19,501 ---hs---- C:\ntldr.exe
      2008-01-05 20:36 . 2008-01-16 18:59 85 ---hs---- C:\autorun.inf
      2007-12-16 09:15 . 2007-12-16 09:15 <DIR> d-------- C:\WINDOWS\system32\bits
      2007-12-16 09:15 . 2008-01-10 07:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$
      2007-12-16 09:15 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-16 10:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-01-15 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-01-12 15:44 --------- d-----w C:\Documents and Settings\Niels\Application Data\GrabIt
      2008-01-07 16:55 17,631 ----a-w C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\00016.exe
      2008-01-07 16:41 --------- d-----w C:\Program Files\Norton 360
      2008-01-07 16:40 --------- d-----w C:\Program Files\Symantec
      2008-01-05 19:44 9,373 ----a-w C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\fbd.exe
      2008-01-05 19:44 8,163 ----a-w C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\dd.exe
      2007-12-18 21:25 --------- d-----w C:\Documents and Settings\Niels\Application Data\TransRender
      2007-12-11 06:32 --------- d-----w C:\Program Files\DVD Shrink
      2007-12-11 06:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
      2007-12-10 18:05 --------- d-----w C:\Program Files\GrabIt
      2007-11-29 06:27 --------- d-----w C:\Program Files\WGP
      2007-06-16 08:06 17,448 ----a-w C:\Documents and Settings\Niels\Application Data\GDIPFONTCACHEV1.DAT
      2002-09-09 12:08 19,501 --sh--w C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe
      2002-09-09 12:08 19,501 --sh--w C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 14:08 1511453]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 20:05 344064]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-14 17:36 6731312]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 23:50 155648]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
      "WinGuard Pro"="C:\Program Files\WGP\wgp.exe" [2005-01-06 15:55 389120]
      "TBMonEx"="C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe" [2002-09-09 13:08 19501]
      "kermer"="C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\dd.exe" [2008-01-05 20:44 8163]
      "kkaddmin"="C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\fbd.exe" [2008-01-05 20:44 9373]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 13:08 13312]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableRegistryTools"= 0 (0x0)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{1456907A-0772-492A-B683-232BAFC33AD4}"= C:\WINDOWS\System32\3427311785.dll [ ]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACKWIN32.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTI-TROJAN.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AUTODOWN.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVCONSOL.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVE32.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCTRL.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVKSERV.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVNT.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP32.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPCC.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPDOS32.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPM.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPTC32.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPUPD.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSCHED32.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWIN95.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWUPD32.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKD.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKICE.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIADMIN.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIAUDIT.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET32.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95CF.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER3.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95_0.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ECENGINE.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGHOST.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ESAFE.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPWATCH.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-AGNT95.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT95.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-STOPW.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FESCUE.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FINDVIRU.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FP-WIN.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FRW.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMAPP.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSERV.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMASN.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMAVSP.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOAD95.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOADNT.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICMON.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPP95.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPPNT.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IFACE.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IOMON98.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\JEDI.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAV32.exe]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVsvc.exe]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSvcUI.exe]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVFW.EXE]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.exe]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.kxp]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.exe]
      Debugger=C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVwsc.exe]
      R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\System32\DRIVERS\sncp106.sys [2002-12-27 17:26]

      *Newly Created Service* - COMHOST
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-12 09:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-16 18:59:35
      Windows 5.1.2600 Service Pack 1 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-16 19:02:51 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-16 18:02:48
      ComboFix2.txt 2007-11-18 22:38:31
      ComboFix3.txt 2007-11-15 18:08:30
      .
      2008-01-10 06:30:47 --- E O F ---


      • #4
        Download the attachment: CFScript.txt

        Drag CFScript.txt into ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply.


        • #5
          ComboFix 08-01-16.4 - Niels 2008-01-18 12:58:15.5 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.443 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Niels\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Niels\Bureaublad\cfscript.txt
          * Nieuw herstelpunt werd aangemaakt

          FILE
          C:\WINDOWS\ccdtan.exe
          C:\WINDOWS\dfizuz.exe
          C:\WINDOWS\kdrgsw.exe
          C:\WINDOWS\kvgzws.exe
          C:\WINDOWS\kzwfez.exe
          C:\WINDOWS\ngsgzp.exe
          C:\WINDOWS\otloyk.exe
          C:\WINDOWS\pfkmhw.exe
          C:\WINDOWS\rcvwfq.exe
          C:\WINDOWS\rfoxcy.exe
          C:\WINDOWS\slyoxn.exe
          C:\WINDOWS\uknudk.exe
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Program Files\WGP
          C:\Program Files\WGP\keym.ico
          C:\Program Files\WGP\LOCKCTRL.EXE
          C:\Program Files\WGP\unins000.dat
          C:\Program Files\WGP\unins000.exe
          C:\Program Files\WGP\update.ico
          C:\Program Files\WGP\Update\MAU.exe
          C:\Program Files\WGP\Update\MAU.ini
          C:\Program Files\WGP\Update\MAU.lng
          C:\Program Files\WGP\vbrun60sp6.exe
          C:\Program Files\WGP\wgp.exe
          C:\Program Files\WGP\wgpnote.exe
          C:\WINDOWS\ccdtan.exe
          C:\WINDOWS\dfizuz.exe
          C:\WINDOWS\Fonts\00-E0-7D-B6-22-45
          C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\00016.exe
          C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\dd.exe
          C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\fbd.exe
          C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\KB930.vxd
          C:\WINDOWS\Fonts\00-E0-7D-B6-22-45\system\wdfmgr.exe
          C:\WINDOWS\kdrgsw.exe
          C:\WINDOWS\kvgzws.exe
          C:\WINDOWS\kzwfez.exe
          C:\WINDOWS\ngsgzp.exe
          C:\WINDOWS\otloyk.exe
          C:\WINDOWS\pfkmhw.exe
          C:\WINDOWS\rcvwfq.exe
          C:\WINDOWS\rfoxcy.exe
          C:\WINDOWS\slyoxn.exe
          C:\WINDOWS\uknudk.exe

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_NPF


          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
          .

          2008-01-12 05:32 . 2008-01-12 05:32 <DIR> d-------- C:\WINDOWS\LogFiles
          2008-01-09 21:13 . 2008-01-12 00:04 <DIR> d-------- C:\Documents and Settings\Niels\Application Data\skypePM
          2008-01-09 21:13 . 2008-01-09 21:13 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
          2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Program Files\Skype
          2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Program Files\Common Files\Skype
          2008-01-09 21:10 . 2008-01-13 02:35 <DIR> d-------- C:\Documents and Settings\Niels\Application Data\Skype
          2008-01-09 21:10 . 2008-01-09 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
          2008-01-07 17:39 . 2008-01-07 17:40 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
          2008-01-07 17:39 . 2008-01-07 17:40 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
          2008-01-07 17:39 . 2008-01-07 17:40 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
          2008-01-07 17:39 . 2008-01-07 17:40 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
          2008-01-05 20:36 . 2002-09-09 13:08 19,501 ---hs---- C:\ntldr.exe
          2008-01-05 20:36 . 2008-01-18 12:47 85 ---hs---- C:\autorun.inf

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-17 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          2008-01-16 10:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-01-12 15:44 --------- d-----w C:\Documents and Settings\Niels\Application Data\GrabIt
          2008-01-07 16:41 --------- d-----w C:\Program Files\Norton 360
          2008-01-07 16:40 --------- d-----w C:\Program Files\Symantec
          2007-12-18 21:25 --------- d-----w C:\Documents and Settings\Niels\Application Data\TransRender
          2007-12-11 06:32 --------- d-----w C:\Program Files\DVD Shrink
          2007-12-11 06:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
          2007-12-10 18:05 --------- d-----w C:\Program Files\GrabIt
          2007-06-16 08:06 17,448 ----a-w C:\Documents and Settings\Niels\Application Data\GDIPFONTCACHEV1.DAT
          .

          ((((((((((((((((((((((((((((( [email protected]_19.02.40.00 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-01-16 17:50:30 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          + 2008-01-18 11:58:08 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          - 2008-01-16 17:50:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-18 11:58:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          - 2008-01-16 17:50:30 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          + 2008-01-18 11:58:08 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          - 2008-01-16 17:50:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          + 2008-01-18 11:58:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          - 2008-01-16 17:50:30 4,251,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          + 2008-01-18 11:58:08 4,251,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          - 2008-01-16 17:50:30 192,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-18 11:58:08 192,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          - 2008-01-16 17:58:49 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
          + 2008-01-17 06:19:36 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
          - 2008-01-16 17:58:49 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
          + 2008-01-17 06:19:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
          - 2008-01-16 17:58:49 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
          + 2008-01-17 06:19:36 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
          + 2008-01-18 12:04:06 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_62c.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 14:08 1511453]
          "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 20:05 344064]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
          "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-14 17:36 6731312]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 23:50 155648]
          "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 13:08 13312]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
          "DisableRegistryTools"= 0 (0x0)

          R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\System32\DRIVERS\sncp106.sys [2002-12-27 17:26]

          *Newly Created Service* - COMHOST
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-12 09:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-18 13:03:29
          Windows 5.1.2600 Service Pack 1 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-18 13:06:22 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-18 12:06:20
          ComboFix2.txt 2008-01-16 18:02:51
          ComboFix3.txt 2007-11-18 22:38:31
          ComboFix4.txt 2007-11-15 18:08:30
          .
          2008-01-10 06:30:47 --- E O F ---


          • #6
            Delete the following folder:
            C:\Qoobox

            Then empty your Recycle Bin.

            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick from "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: There must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off your System Restore.
            This removes any remnants of the infections from your System Restore.

            Finally, post a new HijackThis log as a check.
