I'm losing it!!! win32:trojan-gen{other}. Help!!

Closed
elektripustul - 15 Jul 2006 at 15:47
Regis59 Posts: 21143 Registration date: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 - 17 Jul 2006 at 19:18
Hello everyone!! :-)

So, I've been racking my brain for 2 days trying to get rid of this %**!! virus, Win32:Trojan-gen{other}.
It was detected by avast before it infected the computer, but the warning page stays on screen permanently despite all my efforts (even when I try to abort the connection, as avast suggests).
The file is http://85.255.115.187/users/fill/web/images/rzspy.exe . From what I've read on various forums, I concluded that the critter was hiding in the internet cache. So I tried deleting the temporary internet files. In vain.

Incidentally, I of course ran avast and ad-aware, after updating them, first the normal way and then in safe mode. I also ran ccleaner... All for nothing...

What else can I do?? I ran a hijackthis scan; can someone help me if I post it here?

By the way, avast also detected a Win32:Tojano-1269[Trj] that infected the file C:\System volume information\_Restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP88\A0045406.dll
After a boot-time scan, avast managed to put it in quarantine. What should I do with it? Can I delete this file safely??

Thanks in advance!!
A novice who is learning on the job but is starting to get fed up.

15 replies

elektripustul
15 Jul 2006 at 16:02
... On reflection, and even though I know it's not really the done thing, I'm posting my hjt log here, to save a bit of time.

Thanks a thousand times to whoever helps me!

Logfile of HijackThis v1.99.1
Scan saved at 15:08:56, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Répertoire temporaire 5 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presa...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://security.symantec.com/default.asp?productid=NPF2004&langid=fr&venid=sym
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {D2B62CF9-F768-7060-355E-361C2358B9D3} - BoundRec.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [utsgmon] install2.exe
O4 - HKLM\..\Run: [SysSupport] zantu.exe
O4 - HKLM\..\Run: [dmsgz.exe] C:\WINDOWS\system32\dmsgz.exe
O4 - HKLM\..\Run: [gzemi.exe] C:\WINDOWS\system32\gzemi.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [sbin] uio.exe
O4 - HKCU\..\Run: [XTermInit] avpmondll.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/diner_dash/DinerDash.1.0.0.58.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B791F7D-F0E6-40C6-B2BD-08733FBCFCB7}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8F6892-852D-4445-B0AC-CBDD972B1F58}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CEAF50D-C4AC-4BB8-95A5-531BBD8958CC}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFE9A10-0685-48A5-AFAB-E31095DD47A9}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4ED0E27-65D8-4147-9C7F-B31CD18535CE}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


The rope or a bullet? I can't decide... Maybe my PC out the window..
0
Regis59
15 Jul 2006 at 16:39
Hi

1-C:\System volume information\_Restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP88\A0045406.dll

It's a restore point that is infected. If you get alerts coming from the please let us know. It will then be enough to disable/re-enable System Restore in order to recreate a clean restore point.

Honestly? You've come at a really good time!!!

You're infected, we're going to disinfect you, but allow me to check a few things please.

Download this:
http://www.billsway.com/vbspage/vbsfiles/FileInfo.zip
Once fileinfo.vbs is launched, it asks which hard drive you want to search for the file on.
Type * to search all hard drives.
And confirm with OK

Then you have to type the file name without the extension, so type this:

install2
zantu
uio
avpmondll

The report gives this, with the creation date, the version when available, and the exact path of all the files found. Please give me the 4 reports.

Also,

Do you have this in Add/Remove Programs:

kill and clean?

Thanks.
See you
0
elektripustul
15 Jul 2006 at 16:43
One more detail: I did try to manually delete the critter in its lair, but I don't know much about computers, and I don't see how to remove something that is in an http file (I did try, in safe mode, to empty the temporary internet files, but it's no more effective than the rest...)
0
elektripustul
15 Jul 2006 at 17:09
Regarding "kill and clean", my father told me he had already removed it (but it was indeed in Add/Remove Programs).

For System Restore, do you think disabling/re-enabling could be enough? If so, I'll try right away!

Otherwise, for fileinfo:
1-for install2:
c:\program files\aol 9.0\install2.log
Version:
Created: 28/02/2005 20:22:55
Modified: 28/02/2005 20:22:56
Size: 35 359 bytes
Attributes: Archive

2-for zantu: target not found
3-for uio: target not found
4-for avpmondll: target not found

I hope you'll be able to do something with it anyway...
In any case, thanks!

PS: By the way, can't you help me with the other problem (which, if anything, is driving me even crazier!)
0

Regis59
15 Jul 2006 at 17:23
No, that won't be enough, you need to be disinfected; follow the procedure I'm going to give you for that.

I need two more reports:

1-Download Blacklight (from F-Secure) from one of these 2 addresses:
https://www.f-secure.com/en
https://www.f-secure.com/en

and save it to your Desktop.

Double-click blbeta.exe and accept the license; leave [X]scan through Windows Explorer enabled; click Scan then Next

You will see a list of detected files appear. You will also see a report, on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply

2-Download FixWareout from one of these two sites to the desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Run the fix: click Next, then Install, then make sure that "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, that's normal.

When your system has restarted, follow the message prompts. Then launch HijackThis. Click Scan and tick the following lines:

O4 - HKLM\..\Run: [dmsgz.exe] C:\WINDOWS\system32\dmsgz.exe

O4 - HKLM\..\Run: [gzemi.exe] C:\WINDOWS\system32\gzemi.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B791F7D-F0E6-40C6-B2BD-08733FBCFCB7}: NameServer = 85.255.113.106,85.255.112.167

O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8F6892-852D-4445-B0AC-CBDD972B1F58}: NameServer = 85.255.113.106,85.255.112.167

O17 - HKLM\System\CCS\Services\Tcpip\..\{7CEAF50D-C4AC-4BB8-95A5-531BBD8958CC}: NameServer = 85.255.113.106,85.255.112.167

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFE9A10-0685-48A5-AFAB-E31095DD47A9}: NameServer = 85.255.113.106,85.255.112.167

O17 - HKLM\System\CCS\Services\Tcpip\..\{E4ED0E27-65D8-4147-9C7F-B31CD18535CE}: NameServer = 85.255.113.106,85.255.112.167

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167

Click Fix Checked. Close HijackThis and click OK to continue the procedure.

At the end of the fix, you may need to restart the PC again.

Finally, post the contents of C:\fixwareout\report.txt along with a new HijackThis report.

See you
0
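Added example, not part of the original thread and not code from HijackThis or Fixwareout: a Python triage of the log format posted above. It lists O17 static NameServer values that fall outside the resolver ranges the analyst expects, and O4 Run values that name an executable without a directory (the kind of entry FileInfo is used to locate earlier in the thread). The expected range 192.168.1.0/24, the known-good name list and all function names are assumptions; the sample lines are excerpted from the log in this thread.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Excerpt of the HijackThis v1.99.1 log posted in this thread (same line format).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [utsgmon] install2.exe
O4 - HKCU\..\Run: [sbin] uio.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B791F7D-F0E6-40C6-B2BD-08733FBCFCB7}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
"""

# O4 registry autoruns: "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O17 static DNS: "O17 - HKLM\System\<control set>\Services\Tcpip\<scope>: NameServer = ..."
O17_DNS = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>\w+)\\Services\\Tcpip\\(?P<scope>[^:]+): "
    r"NameServer = (?P<servers>.+)$"
)
# End of the executable part in an unquoted command line that may contain spaces.
EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def first_token(cmd):
    """Return the executable part of a Run command line (quoted or unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_END.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def bare_run_entries(log, known_good=frozenset()):
    """O4 Run values whose executable has no directory part.

    Such names are resolved through the search path, so the log alone does not
    say which file starts. known_good is an analyst-supplied allowlist
    (lower-case file names); it is an assumption of this example.
    """
    hits = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        exe = first_token(m["cmd"])
        if "\\" not in exe and "/" not in exe and exe.lower() not in known_good:
            hits.append((m["name"], exe))
    return hits


def static_dns(log):
    """Map each O17 location (control set + scope) to its NameServer list."""
    found = {}
    for line in log.splitlines():
        m = O17_DNS.match(line.strip())
        if m:
            # HijackThis shows the registry value as stored: comma- or space-separated.
            servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
            found[m["cs"] + "\\" + m["scope"]] = servers
    return found


def unexpected_resolvers(log, expected_nets):
    """Return {resolver: [locations]} for static resolvers outside expected_nets."""
    nets = [ip_network(n) for n in expected_nets]
    report = defaultdict(list)
    for location, servers in static_dns(log).items():
        for server in servers:
            try:
                ok = any(ip_address(server) in n for n in nets)
            except ValueError:
                ok = False  # not an IP address at all: report it as well
            if not ok:
                report[server].append(location)
    return dict(report)


if __name__ == "__main__":
    # Assumed home LAN range; replace with the resolvers the ISP or router hands out.
    for server, where in unexpected_resolvers(SAMPLE_LOG, ["192.168.1.0/24"]).items():
        print(f"static resolver {server} set in {len(where)} location(s): {where}")
    for name, exe in bare_run_entries(SAMPLE_LOG, known_good={"rundll32.exe"}):
        print(f"Run value [{name}] starts '{exe}' with no directory: locate the file")
```

A bare name is only a reason to locate the file and check it; drivers and vendor tools register autoruns the same way.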
elektripustul
15 Jul 2006 at 18:14
Hi again!

Here are the reports you asked me for, hoping you'll be able to do something with them!

1-Blacklight report: (it produced 2 for me, so I'm giving you both)


07/15/06 17:35:54 [Info]: BlackLight Engine 1.0.42 initialized
07/15/06 17:35:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/15/06 17:35:57 [Note]: 7019 4
07/15/06 17:35:57 [Note]: 7005 0
07/15/06 17:36:03 [Note]: 7006 0
07/15/06 17:36:03 [Note]: 7011 1768
07/15/06 17:36:03 [Note]: 7026 0
07/15/06 17:36:03 [Note]: 7026 0
07/15/06 17:36:14 [Note]: FSRAW library version 1.7.1019
07/15/06 17:39:30 [Note]: 2000 1006
07/15/06 17:41:45 [Note]: 7007 0


07/15/06 17:41:54 [Info]: BlackLight Engine 1.0.42 initialized
07/15/06 17:41:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/15/06 17:41:54 [Note]: 7019 4
07/15/06 17:41:54 [Note]: 7005 0
07/15/06 17:42:30 [Note]: 7007 0


2- For fixwareout


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}251BA6E186B6-78EA-A484-2CD0-EA7FEB0C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EDE144BF2CBF-437B-F8E4-25E7-EBCDDA3E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D364BF22D7F3-4338-2014-4DC6-8CFECDD8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1CF452960456-DE2A-0204-3ADF-8CF63C43{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E8B2509FEF18-0289-3D74-CD84-DE90C27F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B86424CFC72A-EBCB-7A14-F3FB-299AD595{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}65FA8BF074E8-1018-C304-EB1C-3E2538B1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}70F36ABC4B4C-4E3B-2484-E175-954AB9E9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A62ABB3290D1-ADC8-E7D4-004E-BCB4E95E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1F9C4D5B8A48-17A9-7944-BDB1-D79397BF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5188ECE4BADD-6ED9-B5B4-1C11-B5B226BC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6306E5F71C77-9089-1F84-68EF-30A4F397{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}920A1A4672C1-2B9A-6C84-6123-0C235561{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6ADBB9DF4C89-2EC9-CBC4-C89C-164AEC0B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BC35261072B3-6289-CD44-4D2D-F457EFC8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}23B2084E9EF3-2128-5194-0A2C-D072B234{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E7210E0CA579-B73B-AF74-2E4E-CC326723{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E9A0110B010F-08D8-A804-5AB0-B9509DED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}80C3A40AC3E2-5D8A-63A4-EB12-0B497384{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A523B3778877-1459-D364-AF5B-73DE2BDE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B0D1DA971927-A3AB-D044-554B-31F295F9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}54496C630CF7-E93A-1A34-6DE3-2F79472D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3358BBEAC693-95CA-4B04-A298-EB6962DB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4F6D65104335-1A79-A5F4-C0CA-A2C1FE39{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F5C0F3BAC09D-235A-96D4-D42A-D415C03D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}42909DF9A34A-186B-8204-0EEA-FC67C62A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F93F285D3CB7-41EA-0CB4-9F83-ED1568C8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}298F8F0299B3-7D8A-33D4-9E9D-2F652E88{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8AC8165A6BCD-F6AB-4924-0AE5-4785900F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}01EDA1A3F646-EB7A-2A94-AE29-34CEC0E7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9417CC9B2C84-50A9-DA64-9EA2-4DB2EF1B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}116347D9EC48-096B-7A34-0BA0-0815B973{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AAC7567A969A-0078-EC44-ABBF-A6646E55{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}42110430CAA1-6F88-8DC4-8DF8-7C2C982D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0D6351A98C09-5A9B-3D44-9E9F-5117B29C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}09168E4B44EF-10C8-1444-513E-2E1F6464{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}59E1D83D8AE7-EFAB-0884-14D6-53D25895{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D8F200F16E6-1CBA-7DF4-78D0-829C7E5B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FB9032260A48-FA99-2834-D75E-8AF34E6D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C0E50C25C9CB-8399-3754-7775-41468B73{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1CF7C6F8DC7C-B0FB-C914-122A-C1E9F838{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7FCEBA60A306-0B5A-5784-2989-ED55E7A7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C5C4DD4B2C6-9BDB-5AD4-51AF-384023CB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}73299E7AF9B8-0EAB-3494-F9B8-F8B5C28A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8D7695001C2D-EDB8-0BC4-7182-B492F35B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}06EA3D26971F-310A-3724-1FDA-1F258692{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A1F76B249747-5FA9-7D44-B435-B9376549{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4C2A29B6EDAA-0898-7974-39FF-D5559D7C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}70368234BA2F-0818-2FB4-1E3D-6AE06CFF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CCC94AFBE2A1-0749-3964-7387-C847F116{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7F321269FCB3-21E9-3954-00F3-A09AF679{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8A79EC8215C0-7C1A-67B4-C791-3A1BDB29{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D6C5127853D-4C28-CEC4-EEE1-F149A7C3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45B11563CE0C-AC2B-9454-5040-4189350D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}81F7E933B7D6-06AA-6F34-99A1-AD349952{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CF72F01744FB-AA08-2994-FF80-98694E2C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C5738EAEB4B9-F5FA-D114-3917-4CA4F776{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4F938F8F1080-D2C9-4F94-E233-FE2EC14F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3F1BF21CD205-ABB9-D784-E9DF-FBE19ABD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0F3EEB6E256E-C429-EA54-3C29-C8F10E7B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2123362BD38B-624B-A7D4-9E4C-FDA35819{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4C176B6F8045-83D8-0F14-4FDE-AABEF090{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}208D411406EC-FAA8-D7C4-2D18-DC9973DB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DFE97D2C70B9-F3CB-2734-741E-1B7717DD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DB3649535D14-AF99-7DC4-EED7-4291D8B3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A821626DB2AC-DB79-F7B4-23D5-5CD547B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E3442FBECD8C-17BA-E7C4-1602-8BEA33A7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}950ABEF18D85-3C0A-DEA4-5847-464A1F3F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}058BBED153C2-17A8-9AF4-AD6C-4D354A11{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BE132CF8218A-342B-D484-7B97-3B14DA38{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6CBE82859E24-1F49-E4A4-9D92-4F343E79{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7A422DED459B-DF88-4B24-EE03-4116A940{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}20DCC09ED79D-66FB-31E4-2AEF-A59F9EB4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FCF68E3F5812-B5D8-BED4-755C-9D69DF27{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}807E1EAB6717-3259-0204-B9F5-3B4390A6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FE6FC9BC574E-94F8-6794-8DB4-D7254A87{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A1CEC80C3F47-622A-8404-9914-8B3AC417{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A33886DF7AF8-F878-78F4-B50B-0F9DE7AD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}67CEE444C51C-6C9B-C9A4-642F-112620A4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6E38A22F07C2-7378-5764-751E-D42FA0C0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}47807DF0C7C9-E42A-25D4-3692-9E5C048B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B2CA6B2EB61F-9309-9AF4-370D-55780458{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C194E9CF61F-4348-1104-C44D-B118D312{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1F05FE5B547F-0D38-0E44-B7D9-8B6299E8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC9ED27BBFEB-2E1A-87D4-3CD9-6AF4663A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A20063D99711-2CAA-F914-7DCE-EB638EC5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1C9E0ECFF63D-9A0A-6C64-62EE-1E55FE94{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FB03F874F42B-1678-8194-A8EB-49745C37{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}107BF36E8D0A-8EDA-E6D4-68F0-4754B83C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}97199105F79B-CE1A-CF44-C40E-6D9D2EAE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7C4EA44DC1D4-0CB8-D7D4-876D-0EE6A3B3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8838C1190512-3A6A-48C4-BF66-8FAE7FFD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C3AFF6A5C772-4A18-97B4-E953-D577CB08{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D25A8BAC9277-D7C9-0B64-A44B-6EEFF554{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}52A7FF3EC229-2BAA-9C34-C883-E668653E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}79F877D09341-FB79-8D74-64D8-8F70AEE0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8C352F064CF4-77E9-AFC4-33AA-4CA3A2FC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5656920445AA-6E09-5C14-2AF5-B8871A64{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}23FF53F067C3-EF48-DFD4-BA02-72B9F744{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3F661037DBE2-D619-E074-C64F-E176FEED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}23904D92A947-B009-E094-88EE-5DACE5E6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A0F320C77594-0E88-4A54-3570-77E34585{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A78381E8347A-4AC9-76F4-4F1A-8DCB6CF2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}837BD0AC8D5F-164A-9954-7EC2-4070A851{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6FB417B31813-3A99-3694-EA6D-9BD6A90E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7EC9CF9984CC-3B7A-4264-B807-E80F15B0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7E2F4EC5A591-22B9-4384-43F5-E87CB63D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}63B427F8A07B-CDE9-89E4-6C67-E39B7B7A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}46973479947D-D098-03B4-9DE6-B3DE8A1E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E7C7D57D247D-393B-2BD4-D743-A3EB9F81{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE54AC1C967B-0588-F4D4-7AF6-CDD69ACE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9F5273DC48DD-3D79-5744-D3E7-ACAE4E38{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4325B63E3FDD-E45B-1074-49D7-C9F438DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}47DD8F5CC1D1-1699-CC84-F958-C2515452{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F03FB3CD207D-EA18-F1D4-9B01-4C776451{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}09D4CC5E55AF-B248-FE24-C3EC-528DC2AD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}33B3D6FC10A6-F388-2D74-2A55-936C9AE2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E37887965254-AD98-50A4-6FCE-2EC51751{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E24CCB94C266-B3CA-8104-2B04-B4AF9ADA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FF532927686E-B408-6F44-EF97-44D6AB0C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B84FB070C2A8-C598-A324-2BBC-86DC6C47{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5AA619086EE6-3C9B-50A4-1818-CE880499{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C6EBCCA248EF-B23B-AD14-5DC0-D387AC46{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CA7C60DA076F-E56A-8544-F2A7-920B13EB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}22D708AA838F-5E78-FD84-13D6-32C1E2E5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D7A186818531-1A98-0C04-9E1C-C348176D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9E9905E6CC6D-B1F9-2394-4B6F-7316F8C3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B895AEDEA3E8-E9FA-1904-DE93-C91EA73E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2389D600FB2B-3899-5DC4-F9AE-CA80440C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1678EA471066-8E2A-4AF4-704B-B14F23EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}37F0F49C971E-F908-D884-3B0A-FEFDF554{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D20BBD8C89BA-3109-8A84-6854-D1F4DCF3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}187B5F3B5EC7-374A-C774-6A0B-6264837C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9DE873FC4E74-A828-F794-B876-2100DBCF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BF7C2D5F0C19-43CA-0A54-E1F8-40EF90BC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E56D910DC640-FAA8-76A4-59E2-AB0AB9D8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1AFA6A44FDE3-9208-1894-5D24-ADCB2985{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E71BA72E541F-B859-27F4-761F-D5C346B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A3FC061AC935-6F29-5F84-15F7-4EEF13A5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}10F4B0C98B90-F499-6104-19FA-0F1992D9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}71C3057E0CCA-06FB-4394-9A5F-B662AECB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5E3A0998DBD7-8FA9-D744-9FB1-2C2D68B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}67E64733D7CB-1ACB-0814-7B92-CA73EDC0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A73EFBC1AAA9-66B8-6BA4-14C1-7DDBE7AC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}19EF6DB9CB7F-A6BA-C7D4-6250-B490180F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2D40C6C424B9-A958-D894-0EDC-AE4160F0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B87736A5E29-6F99-7414-061F-EA67848C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}18E5B69E108D-5838-1C74-A6E7-A41A5A26{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}48CBA2C6CE43-9F59-19B4-F3FC-D7BA53E4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EE6C23ADCFDA-BFE8-5754-6154-CD2AACF9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}266D325BA4E5-F28B-88B4-62BA-70AF69D1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7EDD2E979CDE-650A-9C44-5142-EED388F6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5417A64E9518-6758-08C4-4561-E6AAE0B8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C16AA230FB5C-3488-E4B4-3F65-A14286B3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D9AA57802858-2E89-B854-80C2-CF2DB2F7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6605812C2957-0AD9-0174-4996-8AF4B2DD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}24B8A4CD1C24-A298-D594-2BC9-C0990FC6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EDC389D2F39A-C449-B204-0318-6A8BBB88{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}561A1E1DAE30-E4E8-F7F4-1411-EFE00E76{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}55150CAEE0BC-A999-C7B4-1C39-E1E88729{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F3ECC92BA2B8-9C3B-44E4-F6F3-1F50A9F4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5291C872C4EA-8DA8-39B4-F68A-070129DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AA805CE06CD8-A96B-01F4-8017-B8A3FA0A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F7EA8D31D82A-221B-47C4-3208-4345D38A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6FA3EB81AAB8-BAD9-5444-3B63-825178DE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C4F6663A517-761A-9CA4-B4CC-E79377C8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7AF17CF1ACF6-476B-9D54-6175-49B56D93{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}413DC47902AE-08EB-3594-9800-8BB90D55{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AAA5FC4B7AB7-D758-B194-F977-E7EDF29B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}431D13C47EC7-9838-CC24-C1F4-82CDF348{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3001A3F60A8A-10C9-2394-0A0D-2284816F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BDF15D6DFC0A-E89A-1B24-4D2E-CB42E2E7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3A95A26F9DDD-5C48-8EE4-0FA9-A11B9A7E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C21906741FF-9D79-4464-565D-36D4C8A5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7EAEE7A5F0AB-985A-0414-6407-693E06A9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CE6D836409F2-06FA-F454-3979-2C98365C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5AFF0A111F04-D67B-F064-6309-E4785DE6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BE5E5B1834AB-4AF8-6DD4-59D1-C795D30F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}21A995840D6C-658B-BC54-0902-505981EC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8ACA4D24BE22-DEBA-7C24-E38D-B4220287{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3CF76DB8E792-FCDB-55E4-AFEE-FA73164A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F91BE857A273-56A8-DD64-71ED-A254D8C7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2F3502DF7734-F47A-FE64-DDAA-E1FA9644{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}512AF12DD0DD-E84A-42E4-DB75-7895E18B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0D9F685DEEA1-3F58-FA84-B8FD-6090EB70{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}90B3DF48981F-325B-6AB4-33BC-7A01C286{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}275898945AA8-B1A9-4944-FA00-D652332A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4FC69F92F277-2FEB-7A04-0466-542F5084{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}56B2BA4CF287-14E8-FE94-A0AA-BCE49B8A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}94C47914FD2C-E06A-7024-4CEF-2A28FAAF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1951DC981DD3-58DA-BA94-2A5B-A4CB84F1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}931D22E4085E-2039-EAF4-262C-DF139E6A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1FAAF52FCCBA-5D7A-5D64-B39C-A7ECCC0E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}68D8AAA526FD-013A-63C4-1E93-A960B34D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}03934B9497A0-B238-03B4-DF18-500DC18A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A176A69B53A5-2E49-4774-819F-3D9FCCDF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}184F88DFA6EE-2B19-9E44-1F88-10076793{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BD5FA53D7C65-352A-09E4-545D-D55B2B8C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}97544A63275D-EA8B-0784-A498-BF4BD0FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8EBA3859485E-6D7B-AA74-E91D-A9D56AF1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}800BF1716185-3909-8334-8B4D-324B413B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}68393BEF3907-7F8A-3944-1849-0B7180F7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EE04BB672379-41D9-1014-C351-020D6403{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CDFCF6E3D98B-19E9-A184-5FF1-6C77F50C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD73219B0A6F-6918-B924-2104-8D6F3973{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E055F7E5DD8-94CB-B574-9D43-C5F0ABA8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A46FCC58AF6E-910A-93B4-7279-4FC0DBAC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}37E96F222A26-BA29-E4B4-0EBF-D2401A85{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8B3A9E3D9C6E-4B19-2F64-2DF8-EB54348A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2C33ECA1456A-D0C8-B484-8DD8-CF29B484{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9802A48C6E15-ED99-D354-5D6C-378FD416{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5B08BEAFBCAB-B9BA-64B4-CBAA-4AD523DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}308D4552C751-D25B-BDA4-F8EA-AFD6D9A4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9530EBC123BB-2129-4E44-99A3-E4C40208{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}417B4E726125-31B9-C1C4-CAFC-F93810E3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5DAA401BFBE2-52DB-7554-D7C1-C8B45E49{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DD2E5FC4F32C-7528-6724-530A-80CE6FC2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0758DF15B7AC-E4A9-2FA4-0E44-AAAAF806{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}981109B07343-4859-7334-A038-36F5B4AD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC880B605BE7-6B7A-0C34-8050-D6C34FED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C5040A2FE34-F169-4384-9AC8-AE44C0FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D3EFFE020754-5378-DD14-3CBF-C86C770C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7053A06BAEB4-6F79-37D4-E609-996747F1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}71DE1144CF76-7A88-C904-0B14-D047F122{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EA84B9EDA9CB-8C79-A834-9078-623DC459{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D7114FCEBD47-24D9-D694-47A5-3A9636CA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}831D64A948A5-D879-3204-36F8-A1DF8742{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7A8F25C79348-102B-7734-3FD3-0CFDD37A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2A5B5A73B399-9C2A-A434-E7CD-367D8945{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9B7413BC6883-B978-B7D4-ACFD-61D4006C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C1D97E5FF45-4669-57D4-2954-67781A13{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3E1FD391E900-E71B-2CF4-6E3A-FFA5579E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}856114B3E1BF-44BA-3094-8DDD-AA0D51B2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A0FA1F2438AC-C508-49B4-C164-BB55A81F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C9E6C819AF5-FBD9-EE54-4D2D-7B29B8C9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0F131991E639-538B-6964-6483-D2DB356C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5532E8A5F00E-92F8-2884-28B4-BD0D4D89{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}776B3749ED8E-50C8-3094-D3EA-BED37EEE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C620E861B11A-E019-0234-A8F2-2F31DDC6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CC063FC08E92-714B-3634-963E-92BBE634{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E4BFB6B48EA8-7A69-23B4-9D6F-186B3F5D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1BAB92D4A226-D50A-61A4-35AF-D073FA3D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BD5D0CB08E89-63A8-E144-E86E-5782FFE1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}518D53A4F9EC-1A38-BD14-1A59-3C76D019{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}60227DB8FA3A-353A-2034-947E-E8574CD4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5E21E8BB81A6-277A-BA44-1F11-3A22DEA6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FF0BC145692C-713A-D064-2001-2D350EB4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}629A9C9AD528-8588-4AC4-1517-A9B6F45A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E88A32D31C25-2289-BDC4-4EF3-C907679A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A4463A5C9B09-5B18-D9A4-C857-323E0D58{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0651E34E14AB-BEAA-AEB4-B1A2-E93F742C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5C7BEC5DCC9D-2018-E4B4-6022-8445C84B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7CD931B2BD29-A379-C844-2529-F5B3576D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A3146BBAAA9B-6B19-1134-A56D-9B428681{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F174304273ED-9679-E734-7D5D-F02581A2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}884034EAB7CC-6D69-F984-5DB3-2F8DFE77{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F804775849A2-A21B-7484-44CF-CCAB9F0E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D8F4F5AB77AD-F3C8-5AF4-E0EF-ACC173B4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45E9A1D81559-B5A9-F3E4-C3C8-0391ED81{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A9FC40E5A7D6-895A-7924-CD6C-86F58A92{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2B9D54AF6A96-C2CA-4B24-B778-0241A98A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}049A6CEF96D6-15D8-EAE4-7520-F1000B48{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F1D3E023829A-9048-4384-4FC2-60F11FBD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E617881E18C-B24B-1AE4-714E-3DA7B91D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\kppmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BA4B85CBF45A-050B-9754-B379-776D1F5E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5C145F985073-C79B-D2C4-EE48-3885DD5E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmppk.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSXUA.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSXUA.EXE 51 219 2006-07-02
C:\WINDOWS\SYSTEM32\DMPPK.EXE 61 958 2004-08-05
Other suspects
Directory of C:\WINDOWS\system32
elektripustul
15 Jul 2006 at 18:41
NB:

1- The file quarantined by ewido is:

C:\WINDOWS\system32\qbeju.exe

It is infected by: Trojan.DNSChanger.ef

2- As for the file quarantined by avast, here is the complete "technical sheet":

Nom de fichier original: A0045406.dll
Dossier d'origine: C:\System Volume Information\_Restore{88F0EC16-5093-454D6BD2D-4DD02919E000}\RP88\A0048406.dll
Taille du fichier: 155648
Date de dernière modification: 02/07/2006 00:40:31
Date du transfert en quarantaine: 15/07/2006 12:58:22
Catégorie: Fichiers infectés
Description virus: Win32:Trojano-1269[Trj]
ID du fichier: 7
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
15 Jul 2006 at 18:51
Hi

OK!

- Run BlackLight again, please

- There are some bugs hiding, grrrrr, these infections are getting more and more cunning.

Download this
https://www.silentrunners.org/Silent%20Runners.vbs
Run it, wait a few minutes, it will then create a folder in text format right next to Silent Runners, copy/paste what it gives you

+ a HijackThis

I'll give you a procedure after that.

See you
elektripustul
15 Jul 2006 at 19:11
Phew!! How are we supposed to get rid of this garbage on our own!!

So, here is the rest:


1- Blacklight (it didn't detect anything)

07/15/06 18:57:27 [Info]: BlackLight Engine 1.0.42 initialized
07/15/06 18:57:27 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/15/06 18:57:30 [Note]: 7019 4
07/15/06 18:57:30 [Note]: 7005 0
07/15/06 18:57:35 [Note]: 7006 0
07/15/06 18:57:35 [Note]: 7011 1320
07/15/06 18:57:36 [Note]: 7026 0
07/15/06 18:57:36 [Note]: 7026 0
07/15/06 18:57:46 [Note]: FSRAW library version 1.7.1019
07/15/06 19:00:54 [Note]: 2000 1006
07/15/06 19:01:55 [Note]: 7007 0

07/15/06 19:02:13 [Info]: BlackLight Engine 1.0.42 initialized
07/15/06 19:02:13 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/15/06 19:02:14 [Note]: 7019 4
07/15/06 19:02:14 [Note]: 7005 0
07/15/06 19:02:19 [Note]: 7006 0
07/15/06 19:02:19 [Note]: 7011 1320
07/15/06 19:02:19 [Note]: 7026 0
07/15/06 19:02:19 [Note]: 7026 0
07/15/06 19:02:22 [Note]: FSRAW library version 1.7.1019
07/15/06 19:02:42 [Note]: 7007 0



2- silentrunners

"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"Acme.PCHButton" = "C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe" ["Motive Communications, Inc."]
"sbin" = "uio.exe" [file not found]
"XTermInit" = "avpmondll.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"VTTimer" = "VTTimer.exe" [file not found]
"SiS Windows KeyHook" = "C:\WINDOWS\system32\keyhook.exe" ["Silicon Integrated Systems Corporation"]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"AlcxMonitor" = "ALCXMNTR.EXE" ["Realtek Semiconductor Corp."]
"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" ["France Télécom R&D"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"utsgmon" = "install2.exe" [file not found]
"SysSupport" = "zantu.exe" [file not found]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ST"
\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "MSNToolBandBHO"
\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "c:\Program Files\Sonic RecordNow!\shlext.dll" [null data]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "famille" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g" -> shortcut to: "C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe" [" "]


Enabled Scheduled Tasks:
------------------------

"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {HKLM...CLSID} = "MSN"
\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Rechercher"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 2 lines

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]
"{D2B62CF9-F768-7060-355E-361C2358B9D3}" = "slamm"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "BoundRec.dll" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Agent SAP, NwSapAgent, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 20 seconds, including 3 seconds for message boxes)



3- And finally, hjt

Logfile of HijackThis v1.99.1
Scan saved at 19:05:19, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\famille\LOCALS~1\Temp\Répertoire temporaire 9 pour hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presa...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://security.symantec.com/default.asp?productid=NPF2004&langid=fr&venid=sym
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {D2B62CF9-F768-7060-355E-361C2358B9D3} - BoundRec.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [utsgmon] install2.exe
O4 - HKLM\..\Run: [SysSupport] zantu.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [sbin] uio.exe
O4 - HKCU\..\Run: [XTermInit] avpmondll.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/diner_dash/DinerDash.1.0.0.58.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


There you go, a bit more reading! Thanks again!!
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
15 Jul 2006 at 20:02
Hello,

That's what we're here for ;-) That's why we share our knowledge...

Method to follow, in order...
----------------------------------------------------------------------------
¤ Download these programs, but do not use them right away:

1/

Spybot S&D 1.4
https://www.safer-networking.org/

Usage demo (thanks to Balltrap34 for making it).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06
https://www.adaware.com/
- Help:
http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
- Install the French language patch, you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here (thanks to Moe31 for making it):
http://pageperso.aol.fr/balltrap34/adawrevid.asf

3/ Ewido:

http://perso.orange.fr/entraide-hijackthis/Ewido/

Install, then update.

4/ CCleaner:

https://www.pcastuces.com/logitheque/ccleaner.htm
----------------------------------------------------------------------------
¤ Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View

Check "Show hidden files and folders"

Uncheck the box "Hide protected operating system files (Recommended)"

Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And apply!
----------------------------------------------------------------------------
¤ Run HijackThis again, check the boxes in front of these lines, then click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://security.symantec.com/default.asp?productid=NPF2004&langid=fr&venid=sym

R3 - URLSearchHook: (no name) - {D2B62CF9-F768-7060-355E-361C2358B9D3} - BoundRec.dll (file missing)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [utsgmon] install2.exe

O4 - HKLM\..\Run: [SysSupport] zantu.exe

O4 - HKCU\..\Run: [sbin] uio.exe

O4 - HKCU\..\Run: [XTermInit] avpmondll.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

----------------------------------------------------------------------------
¤ Boot into safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A menu will open; use the arrow keys to move to Safe Mode, then press Enter.
Once on the desktop, if the colours and so on are not all there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
¤ Find and delete the following:
Careful: only the files (if present).

C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\ALCXMNTR.EXE

----------------------------------------------------------------------------
¤ Stop these services:

Click Start -> Run -> type: services.msc

Double-click: Service: Boonty Games - BOONTY

Set it to "Stopped" and "Disabled".

----------------------------------------------------------------------------
¤ Launch Ewido and run a full scan, then copy/paste the report to the forum. Choose delete during the scan.
----------------------------------------------------------------------------
¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
----------------------------------------------------------------------------
¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
-------------------------------------------------------------------------------------------
¤ Run CCleaner.

Deleting temporary files

Go to the "Options" section in the left margin. Go to "Advanced" and uncheck "Only delete files in the Windows Temp folder older than 48 hours". Then go back to the "Cleaner" section.
Be sure to check all the boxes in the left margin (Internet Explorer/Windows Explorer/System/Advanced)
• Click Analyze
• Wait for the scan, which can take a while if it is the first time.
• Once the scan is finished, click Run Cleaner

Removing registry inconsistencies

• Click the Errors icon in the left margin.
• Then click Scan for errors
• Wait while CCleaner scans your registry.
• Once the scan is finished, check all the entries it found.
• You can then click Fix errors.
If you are not sure of what you are doing, you can choose to back up the checked entries so you can restore them later
----------------------------------------------------------------------------
¤ Empty your Recycle Bin.
----------------------------------------------------------------------------
¤ Reboot in normal mode, run HijackThis again and copy/paste a new report to the forum.

Describe any problems that remain....

Keep me posted

See you
0
elektripustul
16 Jul 2006 at 01:37
Wow! It's a battle, but I did everything:

downloads and updates, showing the hidden files and so on, HijackThis,
then, in safe mode: deleting boonty.exe and alcxmntr (I knew I had to delete that one, but I didn't know how!), ewido, then adaware, then spybot, then ccleaner. Finally, emptying the recycle bin and rebooting in normal mode.

You didn't say so, but I suppose I was meant to re-hide the hidden files at the end..

I have no more alert messages, everything works fine for now, hoping I didn't cause any collateral damage with ccleaner. But I made a backup before deleting, so it should be fine. The only unplanned loss: Everest Poker, which wasn't the cause of the problem, but it's fine, I reinstalled it.

As planned, here are the last 2 (I hope!) reports:

1- Ewido

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:16:17 15/07/2006

+ Scan result:



C:\Program Files\Everest Poker\CStart.exe -> Adware.Casino : No action taken.
C:\Program Files\Everest Poker\Everest Poker.exe -> Adware.Casino : No action taken.
C:\Program Files\Everest Poker\cstart-tmp.exe -> Adware.Casino : No action taken.
C:\RECYCLER\S-1-5-21-604058702-2698579121-2388555870-1011\Dc5\Everest Poker[1].exe -> Adware.Casino : No action taken.
C:\WINDOWS\system32\{96FB7EAA-D4BF-4370-97DF-332EB188551B}.exe -> Adware.Casino : No action taken.
C:\Documents and Settings\famille\Cookies\famille@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\test\Cookies\test@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\famille\Cookies\famille@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\famille\Cookies\famille@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\test\Cookies\test@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\test\Cookies\test@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\famille\Cookies\famille@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\test\Cookies\test@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\test\Cookies\test@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\famille\Cookies\famille@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\test\Cookies\test@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\famille\Cookies\famille@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\test\Cookies\test@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\test\Cookies\test@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\famille\Cookies\famille@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\famille\Cookies\famille@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : No action taken.
C:\Documents and Settings\famille\Cookies\famille@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\test\Cookies\test@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\test\Cookies\test@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\test\Cookies\test@as1.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\test\Cookies\test@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\famille\Cookies\famille@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\test\Cookies\test@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\famille\Cookies\famille@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\test\Cookies\test@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\test\Cookies\test@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\test\Cookies\test@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\test\Cookies\test@paycounter[1].txt -> TrackingCookie.Paycounter : No action taken.
C:\Documents and Settings\test\Cookies\test@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\test\Cookies\test@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\test\Cookies\test@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : No action taken.
C:\Documents and Settings\test\Cookies\test@sexlist[1].txt -> TrackingCookie.Sexlist : No action taken.
C:\Documents and Settings\test\Cookies\test@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\test\Cookies\test@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\test\Cookies\test@sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\famille\Cookies\famille@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\test\Cookies\test@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\test\Cookies\test@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\famille\Cookies\famille@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\test\Cookies\test@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\test\Cookies\test@wreport.weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\WINDOWS\system32\{974EAAB4-5DA3-458F-BA4A-0B51F41E87E4}.exe -> Trojan.Hoster : No action taken.
C:\WINDOWS\system32\{7338495E-FB9A-495D-AC78-24DC62F1E7AC}.exe -> Trojan.Puper.bx : No action taken.
C:\WINDOWS\system32\dmppk.exe -> Trojan.Small.fb : No action taken.
C:\WINDOWS\system32\{B60F5E42-7357-410B-8632-A8434B9AC2F8}.exe -> Trojan.Small.gq : No action taken.


::Report end



2- hjt

Logfile of HijackThis v1.99.1
Scan saved at 01:27:57, on 16/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Everest Poker\Everest Poker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presa...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/diner_dash/DinerDash.1.0.0.58.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



So, on the face of it, I have no more problems!! I'll let you confirm once you have checked the reports...

In any case, HUGE thanks!!! I think you saved the life of my PC, which would have tragically ended its days smashed below my window without your help!!

I hope I didn't do anything wrong...

Thanks again!!
See you
0
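The check requested above (confirming from the two reports that the entries marked for "Fix checked" are really gone) can be automated. The following is an added example, not part of the original posts: it parses HijackThis entry lines and compares a before and an after log. The log lines are excerpts taken from this thread; the function names and the normalisation rule are assumptions of the example.

```python
import re

# HijackThis entry lines start with a section code: "O4 - ...", "R3 - ...", "O23 - ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (section code, normalised body) entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Case-fold and collapse whitespace so copy/paste differences do not matter.
            body = " ".join(m.group("body").split()).casefold()
            entries.add((m.group("code"), body))
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    flagged = parse_entries(fix_list)
    return {
        "not_in_before": sorted(flagged - before),   # typo in the fix list?
        "still_present": sorted(flagged & after),    # fix did not take
        "removed": sorted((flagged & before) - after),
        "new_entries": sorted(after - before),       # appeared since first scan
    }


# Entries the helper asked to fix (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://security.symantec.com/default.asp?productid=NPF2004&langid=fr&venid=sym
R3 - URLSearchHook: (no name) - {D2B62CF9-F768-7060-355E-361C2358B9D3} - BoundRec.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [utsgmon] install2.exe
O4 - HKLM\..\Run: [SysSupport] zantu.exe
O4 - HKCU\..\Run: [sbin] uio.exe
O4 - HKCU\..\Run: [XTermInit] avpmondll.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
"""

# Two entries present in both logs (excerpt, not the full logs).
KEPT = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

BEFORE_LOG = KEPT + FIX_LIST
AFTER_LOG = KEPT + r"""O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"{key}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```

An empty `still_present` only shows that the autostart and registry entries are gone; it says nothing about files left on disk, which is why the Ewido report above still has to be read separately.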
elektripustul
16 Jul 2006 at 01:48
Oh wait, one last thing:

everything is nice and clean, apart from the file still in quarantine in avast:

Win32:Trojano-1269[Trj] in the file C:\System Volume Information\_Restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP88\A0048406.dll

What do I do with it? Do I delete it?
And regarding System Restore, is it necessary to disable/re-enable it as you told me at the start?

Thanks..
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
16 Jul 2006 at 12:25
Hi

1- You can delete what is in the quarantine.
2- As for the files you un-hid, you need to hide them again once you have no more problems
3- System Restore, same thing: create a restore point once you are sure you won't be coming back here lol
4- In ewido you chose no action taken; you need to delete everything ewido alerts you about. So choose delete. Can you run a scan again?
5- As for your poker game, according to the reports it seems infected; are you keeping it anyway?

lol Well, I see you know your way around a bit then lol
And otherwise, you're welcome :-)

See you
0
elektripustul
17 Jul 2006 at 19:01
I'll do everything you told me... Except for the poker game! I've had it for 6 months, well before the problems appeared! So I'll take the risk!!

But as I was saying, on the face of it, all my problems are solved! No more alerts!

Thanks again, and hopefully see you as late as possible!!
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
17 Jul 2006 at 19:18
Hi,

OK ;-)

All the best, and it was a pleasure!

Good luck with your poker games :-)

See you
0