

elsekri
Members
Content count: 14
elsekri's Achievements

Junior Member (3/12)
Community reputation: 0
-
[AVI] 17-inch fan
elsekri replied to elsekri's topic in Hardware Advice - Buying & Selling
I confirm, it's for cooling the PC. The supports the computer rests on are 35 cm apart in width and 25 cm in depth. My own dimensions would call for a much bigger fan! See you -
Hello, I'm looking for a laptop fan, 350*250 mm minimum, to cool the beast from underneath, thanks!
-
Hi, as bip-bip says, go take a look at the "Hijack log analysis" forum, apply the pinned procedure, post your Hijack report, and everything should be back in order fairly quickly! See you
-
Hi, that says it all: I want to buy an external hard drive for my laptop (150-200 GB). Are there brands to avoid, brands to recommend? I've seen quite a few burn out or work badly, so I'm wondering, you know. Thanks a lot!
-
Hi, it's perfect, the computer is clean as a new penny... I don't much like it when there are memory interrupts, it brings back bad memories; I was afraid my memory was dead. So I was attacked by look2me? avast had diagnosed hoaxalarm-k. Anyway, I'm keeping antivir, and which firewall, in your opinion, is not too heavy and works well? Ah, one last thing, burton must have given up, can you look at the hijack log of the second PC, which is a bit further up? Thanks a lot... where in Ardèche are you from, by the way? More Aubenas, Lamastre or the Rhône valley?
-
Hi, here is the l2mfix report:
See you, thanks
Hi, to my friend burton, the new HijackThis log (from the second PC, that is):
Thanks
-
Hi guys, no, it's not a duplicate, don't get worked up, I'm applying the procedure to another computer here... no big deal. bip bip: I'm applying your procedure and will send you back the report from the first PC. burton: I'll send you a HijackThis log of the second PC soon. See you
-
Hi everyone, I want to do a complete clean of a PC that doesn't belong to me and that I suspect is full of junk. I'm applying the pre-cleaning procedure, but in safe mode I get a blue screen, then an instant reboot... The PC starts correctly in normal mode, here is the HijackThis log:
A small clarification: I already uninstalled Norton a while ago to replace it with avast, which I'm going to replace with antivir, so no mercy for Symantec and Alwil... what is jusched.exe doing there? carpserv is fixable, isn't it? Thanks a lot...
-
Hi bip, I redid procedure 1, including cert32; I think we gave that malware a spanking:
The regsearch log:
REGEDIT4
; Registry Search by Bobbi Flekman
; Version: 1.0.2.1
; Results at 15/11/2005 08:27:19 for strings:
; 'cert32'
; 'cert64'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
; End Of The Log...
Thanks a lot, I think it's OK... I'm impressed by your techniques in any case; I hope I've learned something from them. Otherwise, personally, what do you recommend as a permanent antivirus and permanent firewall, and possibly other anti-malware?? See you
-
Hi, I am indeed on 32-bit. In safe mode, procexpl launches, but the procedure does nothing... however, it asks me for the MS debugging tools; should I install them and start over? A few remarks:
- with hijack, it is no longer avpx32 that causes trouble but cert32. Is blowing them away in the registry, like cert64, a false good idea, or is it worth a try?
- when I delete the files in safe mode, I have no WINloDOWS directory, so I delete nothing; however, the files are indeed present in c:\windows, but I haven't touched them... worth digging into?
- what do you think of this: http://www-cu.symantec.com/avcenter/venc/d....haxdoor.e.html, to be adapted for cert64?
- Asquared changes nothing, unfortunately...
- otherwise, the system is stable, except that I can no longer use IE or giganews...
Thanks again; if you have any leads or info, I'll gladly take them... worst case, I'll start a new thread; I think a German speaker (http://board.protecus.de/t20153.htm) could help me, apparently the guy seemed happy with the result... take a look, maybe the method will ring a bell. See you
-
Hi again, friend of caillette and chestnuts, you're going to laugh: procexp won't launch. It's the right XP version, I don't get it; isn't there another explorer of that kind? In the meantime, I'm redoing the first procedure, taking care with the blank lines in fix.reg. I'll keep you posted, thanks...
-
Hola, Ardéchois, I think I did everything perfectly, but this pest cert64 is still plaguing me:

REGEDIT4
; Registry Search by Bobbi Flekman
; Version: 1.0.2.1
; Results at 14/11/2005 16:24:59 for strings:
; 'cert64'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000]
"Service"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000]
"DeviceDesc"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000\Control]
"ActiveService"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64]
"DisplayName"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64\Enum]
"0"="Root\\LEGACY_CERT64\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CERT64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CERT64\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CERT64\0000]
"Service"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CERT64\0000]
"DeviceDesc"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cert64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cert64]
"DisplayName"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cert64\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000]
"Service"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000]
"DeviceDesc"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000\Control]
"ActiveService"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64]
"DisplayName"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64\Enum]
"0"="Root\\LEGACY_CERT64\\0000"
; End Of The Log...

... and the hijack:

Logfile of HijackThis v1.99.1
Scan saved at 16:31:43, on 14/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O20 - Winlogon Notify: cert32 - C:\WINDOWS\SYSTEM32\cert32.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I should add that when I shut down the machine, I get a blue screen and the whole memory dump song and dance. Thanks for your patience in any case
-
Hi again, I was already rummaging around on bleeping. Here's the first log, with cert64, avpx32, avpx64 and qy: (it's crowded)

REGEDIT4
; Registry Search by Bobbi Flekman
; Version: 1.0.2.1
; Results at 14/11/2005 13:54:06 for strings:
; 'avpx32'
; 'cert64'
; 'avpx64'
; 'qy'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dqy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dqy]
@="dqyfile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.iqy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.iqy]
@="iqyfile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.iqy]
"Content Type"="text/x-ms-iqy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.oqy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.oqy]
@="oqyfile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rqy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rqy]
@="rqyfile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rqy]
"Content Type"="text/x-ms-rqy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile\Shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile\Shell\Edit_Query_in_Notepad]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile\Shell\Edit_Query_in_Notepad\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile\Shell\open]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile\Shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile\Shell\open\ddeexec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile\Shell\open\ddeexec\Application]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dqyfile\Shell\open\ddeexec\topic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\6AE70DAE671F3D11D83300054038183D]
"msiquote.iqy"=hex(7):43,38,34,44,56,6e,2d,7d,66,28,59,52,5d,65,41,52,36,2e,6a,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile\Shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile\Shell\Edit_Query_in_Notepad]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile\Shell\Edit_Query_in_Notepad\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile\Shell\open]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile\Shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile\Shell\open\ddeexec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile\Shell\open\ddeexec\Application]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iqyfile\Shell\open\ddeexec\topic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/x-ms-iqy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/x-ms-iqy]
"Extension"=".iqy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/x-ms-rqy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/x-ms-rqy]
"Extension"=".rqy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile\Shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile\Shell\Edit_Query_in_Notepad]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile\Shell\Edit_Query_in_Notepad\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile\Shell\open]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile\Shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile\Shell\open\ddeexec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile\Shell\open\ddeexec\Application]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oqyfile\Shell\open\ddeexec\topic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile\Shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile\Shell\Edit_Query_in_Notepad]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile\Shell\Edit_Query_in_Notepad\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile\Shell\open]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile\Shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile\Shell\open\ddeexec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile\Shell\open\ddeexec\Application]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rqyfile\Shell\open\ddeexec\topic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28427C49BCFE3D118A6E000680F38D3D]
"9040820900063D11C8EF00054038389C"="C:\\Program Files\\Microsoft Office\\Office10\\Queries\\MSN MoneyCentral Investor Stock Quotes.iqy"
jkKYC7[bQtA9LzPe){k+sw9DhVd%HaK?6pSPb+M$syk&[G$Wj8cAxOkpLHeI*jUU*C[vU4_ATAfEV7kTlbg2F?nnVbj?tNly^?me~PyD}4-UezW@$Sch12d9M*kvq9X@FTLAWC-%TEh'$)$(*oh)EG,=G]KJ?5(Sf9W.!d'K)Ea8M'geg+q?6zHHRIp0STe8l5H.o*KuZbNfJbzYX_o8wf(H_mKn}'YQVuhdFSO=-[gRLBObQ4iK!8.wO~r?W!=TYSr*^%ZaV%PE~{@@Y_YI`k@tgqL7epF6[6`8mnf3z$%h6hFgrjQEsr&9,t-fpu?2[4`6{Y^XKZm@RmodnIQt@r$K%9biG%8=tQQw609%yon-I0Mk~M=9*2%(tjPQ`rp~1oPlgnXAHyl$1neSvF8Qhl'cHuB?VpJV5O7,(L)mP,m^{[i@fhj9Jy9[q?oE[&kK}Cy8h'6h'To,lIv%41ry5cr=,&vqY+Fmtrj_w,+Gt~!?s{-_qZGbxa3R=@E?'GL@TnRwLW-YFz" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4036164967-79857088-4218871072-1005\Products\9D5DFC94655073047B6D1EE34DEB4A5C\Features] "DATA_GAME_SKINS_CAPPUCCINO"="M=w%Eh~lJ9(X~H_^F4tqa8A]Na68c8jt6nMZrT'*Q`'+t5D(w9,OYcw'vs,DH{U'O1$M$AOXRWM5e+c*}cF4&=PK-AjOEU[oWs$1gS3vmlFvC@VhxO'[u4cuL({*C{88J92?Sp9~32Or6^$Xav{[M9~zQCQ[iNL%&}R'Z[7aM@WkB[ec$fgrmWHN(k300=bb+MrG3}v9zi$[Xq}Dz=dGhy?yij(1,W2W5s4dx=W$P*IR@1HM^&+)q@gM,=Mm&vzCj)R,{30m-8@`H998dOP{78M4a9&r.3B`b?r?6Uji0IyJi}0LXGVkJACNJrt8024gb99pB{'wS9a!iGuTN6S@M}.1*+3,I=%MAY_o,5gz[OPKprVXt=z='bGh]sbCWI8-{]z,C?W7Ehy2atXvkTQh_FzmB9!X^xnP=[knc}EIv[swH9e8'9yEc]zIxvbleb6n3=~0^VLG*XfPvV7vAkAd}9Z.Qb8sT!ex3rL7PGa=.=@t`sgTXxWe*%1z8o&[.?Sb6P.gRB7wZ(3MLWtlX8iX*IA8LUYZiNw4YOh$x=NE=op(P9hmCU'1f@Wed8B)~JD'2Qt8)vWLE~w109]q&(K.{ilTC9~1n2O,CA[g?AJf&G!6Zmwd(.]T[8IHBHDJzNEf]]`S6(k4R=n)[)rbeb='Onj}Jx?2V?uLyvKBtkGBpzseW%$$@AjvTJes+iR6ah'?p{0D{=J1*r&W!Bm@+cGCD(6}_8.]8QOR+sLkBW*ez6k@q=0[xC&7R{e6B6jf??+8]@$+ZF`KbK..O09RB~$K]='*W3OnDB-?{!5u's!bj@$ssZv1^'$=LuBJ$1TMl=Eg'~DVdNNd-HXySQPdy=%@$XE'z~c(E7(c&7uY^8bG%S]=RyJGg,wN8`Rf)?-E$whIv(Cj-Vw-7aGSNA23%uYy-P*A4rNcT_kS(9^J.dEL?d2[2{Z}0JVg+?c5REGCx=VDg!2n!%^eK?P$*G?ymNj@}JZU7)j-E9-JIi$%$Ksa(.cD^(%Mw@bNU7s5LbT^]__j'=N4P?9bt.aKNWA=+Ca96=?7)9G]**0LH0qmPm=xUS!H5=zx37=_g55@[im%.'2Tm?XteTD66fbU6)}8bhXNl8SsTCmYGHt.o%l9w-Y&U?CqVJgqTd?n%.W!43t*}=V]?e.egd&!x-bfunKj!A!G?6Me~VMAVPWcW8cYE9sVSKf9g}NsSS'R'kZ-0ApMMGsJ(cdS]aXDDe=!q@mEwOKTE=&*ywdqyvKpb?F1]+X35MCYSmpp_rJY
O@OCb?@{b?XU4Xyj3Rf^K=)fPlJb&0~b$ov6],CR3@?WG{Rt_J4&.ZnccDW{V9c,]6H@,W6%]e~zfOpC(Agyn8]Qm5}&,r8)'%%}[8^nW}UD_@*qX'3jIqWjj=o!F1SMijS)Ps7WTx5.}={.8z=*P(PqDk50dAHoDAhlJL)'GhabEft4?DSOd88a2WQaOuV=SIMQtOzm}9AjQKJf.`lI46b[MpO3`9oxmDfDyBK*U3z@=Akcy@ZAkfL,M'5iS&2i=]_+WABkV3h3XA_1`rm}*@yhi=~3lgBkVV'jN+O5`V's09wL6}uxd6hBJ9jvQG)eY9`Tc?W*^e5tm($D[}1uG97VxF8wWog'HiuCEC=e&?V9m7^!57'`Mtt[z!&KA?Lb&uJpsChiO6nk2cux%=T%Ys[.pQIusl%=-*tu*?-LYs,W7QIXKokTtvc@G9J6,tKH,8DJn=H279{Ft@'9DWYg7Zoz`Vi(zb2.a=)^ay+'XE9jyE^CkaKO$=C]$)3?[Cg$w-gX2nxfYAq[5M_hv)@d=iIWDEee0AT[DoWdE}5*Tw,D5H?$e97Pww's00r.Ewz)OC'kI9kJ?kI~&asj'D[vmo4NL?%TDSEYbNGintQ4Vp.1WAT~_I-Eq2w4XbAgR[d&I9)i)jL[~KSHy_PajjO0y8f$AmGeBWEE]c[TrLgGK?PO=d`htaI`uY?24,Mrk9CKW%WLS}trD9TVI?8Q+=bie!tvI,0.)S3{pZU{J?y93Fyq+-te{IVb_j-?WA0k6IsQiD6rj+BcJ!1yL=i=%HBDFZmn^gQ$XVUhb9,p-q&__T%gin95=(z)c?7Lvb.Igo)XH]A9G}=1Y?riR,T63hQx2sgU*068}@P55q%0!h%yOzxb`kFBg?5%+Ya7][+G&uu+,}l@'AwUQY'Dz4stnOyMP9P,B9gz}su.zJaMt&=8&'LaZ@ONwA[$9BUxn)M5CR=2C9&]Ang]@ibE4I^IBNKD}8Cb.fn2}]IwD'y9DfC~Y=QEK?'h(q*AcMEZ@Vx$Q@&DwpfQ!TJ_ysGX*gI'z?.-TLU!Ol}c0KHWRLuy*@C?VK_*3kB1ukeu_rPJ?98i-Lt3,JS9)8fvzuI]P91Sz-zj%ZPX0Ll%kH=!d@[pUXW7{8oh4]ryBXsEt=l5bC1ajOl[DC3{N8sl+9eDK??-q%hp!og3UDsC&@DLrY?)Q48&VO8&]_(mN=b`v=$A_MT=0~Y]LXsEB9.ytJLf5cRR[l@h,JRCd@4aTT%C!YTwc{k+,^JK[@41Utg~)&TEMCM'5fqlA=H8r`^OdVQfUYZ{o7fgA=HNp!)`hI&43p%GJvkqs?QbGD^&@NQy2aTGg_]}f8UggS0ekNt.Rut&Bgkj5=0QoRobFf!c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4036164967-79857088-4218871072-1005\Products\FF41E933CDF89084AA2F78AB2209C5F7\Features] "InstallManagedDX"=")qMARNvz5=bOe]jtsB8+I02=3-p'`=X]Uwt.NXQc@gF_Hvl3bAsxo7Y+8j9{bHQtWrc(u=OAQNgs?FD1JFgE-0PQy=cHY[ZehPMNJT[Pdi&NX8_J?_OR@_jt%_SF69,o`9fU.%){q](tv``V0b4VJ9mx8Nh.hPL[@ERvJv{dbArc]0WF]*j*5&CFnk.P`9tJ$u68yh0lr.Y2Uch7m?zgfkmp'w%jD.aiPr_H19v,$]]1]bNbpfauM3n-m?0h.Hx}Z{]=_][jV-[d^83AE'!.k!3Y1bXy*_dct9y5i,O~*DZlQERXjf&-!=Y?o,BLKWvodQDD4Ivhu@gKcCFjR!-l" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\cert64.sys] 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\cert64.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000]
"Service"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000]
"DeviceDesc"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CERT64\0000\Control]
"ActiveService"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64]
"DisplayName"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cert64\Enum]
"0"="Root\\LEGACY_CERT64\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\cert64.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\cert64.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CERT64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CERT64\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CERT64\0000]
"Service"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CERT64\0000]
"DeviceDesc"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cert64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cert64]
"DisplayName"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cert64\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cert64.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cert64.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000]
"Service"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000]
"DeviceDesc"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CERT64\0000\Control]
"ActiveService"="cert64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64]
"DisplayName"="cert64 TCP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cert64\Enum]
"0"="Root\\LEGACY_CERT64\\0000"
-
Hi everyone, here is the sequence of events: I double-click a dodgy exe, then
- Avast warns me that a certain hoaxalrm-k is wreaking havoc
- I kill the launched processes as best I can, notably a c:\windows\tool2.exe, and wipe them from the disk, along with the malicious exe
- Two programs besides Avast were running at that moment: Giganews and iexplore
- Reboot: everything apparently works, except that when I launch Giganews, "the application failed to initialize properly 0xc000000005", and when I launch iexplore, it spins its wheels and then... nothing.
- I remove Giganews and restart: blue screen at shutdown, physical memory dump, a certain driver cert64.sys is mentioned; when I search for it on my disk, I can't find it.
- I uninstall my connection (Livebox), run an Avast full system scan, nothing; uninstall Avast, reboot, blue screen
- I reinstall my connection, launch Firefox, read up on hoaxalarm; not much apart from a page in German, which I don't really master: http://board.protecus.de/t20153.htm it looks interesting but I don't understand a thing
- I apply the forums' procedure (+ an Ad-Aware), no real nasties found; here is the HijackThis log:

logfile of HijackThis v1.99.1
Scan saved at 12:25:00, on 14/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.clara.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.clara.net/
O20 - Winlogon Notify: cert32 - C:\WINloDOWS\SYSTEM32\avpx32.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I think Avast was completely, how shall I put it, er, infested? As for the report, I've never heard of clara.net (R1, O14) or of the iexplore plugin (O12). There you go. Congrats on your work in any case, and thanks in advance.