bon ben vous le savez; hack + souris Fermé

Question

salut Gerard, salut olivier

merci a vous 2 !

voila ci joint mon hijack this, apparremment clean,vraiment j espere trouver avant de passer a l etape superieure [...]
Ma souris se fige bcp et fais un peu n importe quoi

Logfile of HijackThis v1.99.1
Scan saved at 21:31:31, on 07/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\Propriétaire\Mes documents\Mes Projets\protection\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B3D55E8-2565-4A51-A094-32EBFF549A5F}: NameServer = 205.188.146.145
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--------------------------------------------------------
---------------------------------------------------------
Un silent runner :

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RecordNow!" = (empty string)
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"BackupNotify" = "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [null data]
"Acme.PCHButton" = "C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" ["Motive Communications, Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"CamMonitor" = "c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [empty string]
"HPHUPD05" = "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [file not found]
"HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"UpdateManager" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"VTTimer" = "VTTimer.exe" [file not found]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"csymenbkzj" = "c:\windows\system32\csymenbkzj.exe -start" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ {++}
EXECUTION UNLIKELY: "Registrando Panda ActiveX" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll" [MS]
EXECUTION UNLIKELY: "Registrando Panda Almacen" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{19CC43A1-6925-4B48-B292-830291F393A6}" = "HPNSView"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdns_01.dll" [empty string]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\RecordNow!\shlext.dll" ["Sonic Solutions"]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{D3581EB7-5E16-4182-9F58-86FA713B42F9}" = "AOL"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\aolshare\shell\fr\shellext.dll" ["America Online, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]

Startup items in "Propriétaire" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "Vue HP" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "Vue HP" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 2 lines

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 18 seconds, including 2 seconds for message boxes)

----------------------------------------------
---------------------------------------------

Ensuite il me semble que cette commande verifie si il y a d autres connections sur le pc, tu vois quelque chose?

Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Propriétaire>netstat a

Affiche les statistiques de protocole et des connexions réseau TCP/IP actuelles.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p protocole] [-r] [-s] [-v] [intervalle]

-a Affiche toutes les connexions et les ports d'écoute.
-b Affiche les fichiers exécutables impliqués dans la création de c
haque connexion ou
port d'écoute. Certains fichiers exécutables connus peuvent hébe
rger
plusieurs composants indépendants. Dans ce cas, la
séquence des composants impliqués dans la création de la connexi
on
ou du port d'écoute est affichée et le nom du fichier exécutabl
e
apparaître entre crochets [] en bas, le nom du composant appelé
apparaît en haut,
et ainsi de suite jusqu'à ce que TCP/IP soit atteint. Remarquez
que cette option
peut prendre du temps et échouera si vous ne disposez pas des au
torisations
suffisantes.
-e Affiche les statistiques Ethernet. Cette option peut être combin
ée avec l'option
-s.
-n Affiche les adresses et les numéros de port au format numérique.

-o Affiche l'identificateur du processus propriétaire associé à cha
que connexion.
-p protocole Affiche les connexions pour le protocole spécifié ; protocole
peut être une des valeurs suivantes : TCP, UDP, TCPv6 ou UDPv6.
S'il est utilisé avec l'option
-s pour afficher les statistiques par protocole, le protocole pe
ut être une des valeurs suivantes :
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP ou UDPv6.
-r Affiche la table de routage.
-s Affiche les statistiques par protocole. Par défaut, les statist
iques sont
affichées pour IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP et UDPv6.

L'option -p peut être utilisée pour spécifier un sous-jeu de la
valeur par défaut.
-v Lorsqu'elle est utilisée avec -b, cette option affichera la séqu
ence des
composants impliqués dans la création de la connexion ou du port
d'écoute
pour tous les fichiers exécutables.
intervalle Affiche régulièrement les statistiques sélectionnées, en faisant
une pause pendant le nombre de secondes spécifié par l'intervalle
entre chaque affichage. Appuyez sur CTRL+C pour arrêter l'affic
hage
des statistiques. Si l'intervalle est omis, netstat n'affichera
les
informations de configuration actuelle qu'une seule fois.

C:\Documents and Settings\Propriétaire>netstat -a

Connexions actives

Proto Adresse locale Adresse distante Etat
TCP MOI:epmap 0.0.0.0:0 LISTENING
TCP MOI:microsoft-ds 0.0.0.0:0 LISTENING
TCP MOI:18350 0.0.0.0:0 LISTENING
TCP MOI:1027 0.0.0.0:0 LISTENING
TCP MOI:1298 localhost:18350 ESTABLISHED
TCP MOI:18350 localhost:1298 ESTABLISHED
TCP MOI:netbios-ssn 0.0.0.0:0 LISTENING
UDP MOI:microsoft-ds *:*
UDP MOI:isakmp *:*
UDP MOI:1056 *:*
UDP MOI:1057 *:*
UDP MOI:4500 *:*
UDP MOI:ntp *:*
UDP MOI:1900 *:*
UDP MOI:ntp *:*
UDP MOI:netbios-ns *:*
UDP MOI:netbios-dgm *:*
UDP MOI:1900 *:*

A+

Afficher la suite

Real Mona · Answer

Oh que j'aimerai pouvoir t'aider mon chéri....mais bon balltrap et moe sont là, moi je t'aide par la penséemmmmmmmmWWWWaAAAhhhhhhh

Utilisateur anonyme · Answer

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
c:\windows\system32\csymenbkzj.exe

fait le analyser et regarde si d'autres fichiers ont étés crées en meme temps que lui.
fait aussi une recherche dans le registre pour voir s'il ya d'autres entrées

Utilisateur anonyme · Answer

Mona, j ai besoin d un calin lol

balltrap34 · Answer

fait analyser celui ci aussiC:\WINDOWS\system32\regsvr32.exe

Utilisateur anonyme · Answer

je le fais analyser par http://virusscan.jotti.org/ ou par l antivirus?

Utilisateur anonyme · Answer

http://www.virustotal.com/xhtml/virustotal_en.htmlhttp://virusscan.jotti.org/et par ton av

balltrap34 · Answer

99/100 que celui ci est mauvaisc:\windows\system32\csymenbkzj.exe

Utilisateur anonyme · Answer

oui d'accord avec toien tout cas inconnu au bataillon

Utilisateur anonyme · Answer

File: regsvr32.exe
Status: OK
MD5 4f73521f2f65c97c0ee8cef9dba8b40b
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
-----------------------------------------
This is a report processed by VirusTotal on 08/07/2005 at 22:11:28 (CET) after scanning the file "regsvr32.exe" file.
Antivirus Version Update Result
AntiVir 6.31.1.0 08.07.2005 no virus found
Avast 4.6.695.0 08.05.2005 no virus found
AVG 718 08.07.2005 no virus found
Avira 6.31.1.0 08.05.2005 no virus found
BitDefender 7.0 08.07.2005 no virus found
CAT-QuickHeal 7.03 08.07.2005 no virus found
ClamAV devel-20050725 08.07.2005 no virus found
DrWeb 4.32b 08.07.2005 no virus found
eTrust-Iris 7.1.194.0 08.06.2005 no virus found
eTrust-Vet 11.9.1.0 08.05.2005 no virus found
Fortinet 2.36.0.0 08.05.2005 no virus found
F-Prot 3.16c 08.05.2005 no virus found
Ikarus 0.2.59.0 08.05.2005 no virus found
Kaspersky 4.0.2.24 08.07.2005 no virus found
McAfee 4551 08.05.2005 no virus found
NOD32v2 1.1187 08.05.2005 no virus found
Norman 5.70.10 08.05.2005 no virus found
Panda 8.02.00 08.07.2005 no virus found
Sophos 3.96.0 08.07.2005 no virus found
Sybari 7.5.1314 08.07.2005 no virus found
Symantec 8.0 08.06.2005 no virus found
TheHacker 5.8.2.081 08.07.2005 no virus found
VBA32 3.10.4 08.05.2005 no virus found

De meme avec antivir !!!

Utilisateur anonyme · Answer

et l'autre ?

balltrap34 · Answer

c etais surtout l autre qu i est mauvais a notre avis

Utilisateur anonyme · Answer

re,c:\windows\system32\csymenbkzj.exe << invisible partout !! avec les 2 sites + ds systeme32de plus ce csymenbkzj.exe etait ds les programmes de zone alarme je l ai virer tout a l heure !a+

Utilisateur anonyme · Answer

telecharge ce bathttp://get.yourfile.net/fx65256.ziplance le et dis moi s'il trouve quelque chose

balltrap34 · Answer

bien pratique se bat il suffit de modifier le nom du fichier

Utilisateur anonyme · Answer

vous assurez les mecs, je vous payerais un verre, promis lolvoila ce qu il trouveC:\WINDOWS\system32\csymenbkzj.exeC:\WINDOWS\system32\csymenbkzj_nav.datC:\WINDOWS\system32\msplock32.dlla+

Utilisateur anonyme · Answer

oui ;-)

balltrap34 · Answer

donc ces fichiers existe
tu doit les voir par l explorateur
verifie que tu vois les fichiers cachees
si tu les trouve je te propose de les renommer
comme ceci
C:\WINDOWS\system32\csymenbkzj.exe_

mais pour celui ci
C:\WINDOWS\system32\msplock32.dll

Démarrer--->Exécuter--->taper
regsvr32.exe -u C:\WINDOWS\system32\msplock32.dll
puis cliquer sur OK
Renommer le fichier C:\WINDOWS\system32\msplock32.dll_

Utilisateur anonyme · Answer

ouiet celui là csymenbkzj_nav.dat si tu le trouve, ouvre le avec le bloc note et colle ici le contenu.verifie aussi si celui là existe:C:\WINDOWS\system32\msclock32.dll

balltrap34 · Answer

tu as trouver quelque chose en rapport a ceci moemsclock32.dll

Utilisateur anonyme · Answer

ben apparement msplock32.dll à l'air d'etre adware navipromo, et dans les resultat de scan av il y a pratiquement tout le temps msclock32.dll detecté avec.
mais je crois que regis à reussi à bloquer le telechargement d'autres fichiers en le bloquant avec le firewall
c'est juste pour voir..

Utilisateur anonyme · Answer

je recherche tjr C:\WINDOWS\system32\csymenbkzj.exeje suis au niveau du poste 17 de balltrap, je le cherche et apres je vais me coucher, on reprend demain si possible? je me leve a 5h00 helas

Utilisateur anonyme · Answer

tu as viré l'entrée dans HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "csymenbkzj"=C:\WINDOWS\system32\csymenbkzj.exefais le avant d'eteindre ton pcà demain pour la suite

balltrap34 · Answer

oui vire imperatif cette clef pour ne pas l avoir au redemarrageremarque cela pour moe si il a renommer l exe il ne devrait pas se relancer mais il vaut mieux assurer ces arrieresbon regis je te laisse puisque tu vas te coucher et moi demain je part dans les landes a nouveau donc pas la demain soirmoe je te confie notre petit regis prend en soin (mdr)

Utilisateur anonyme · Answer

re,aucunes traces, en suivant le chemin pas trouver+recherche avec la fonction recherche pas de C:\WINDOWS\system32\csymenbkzj.exePar contre il etait ds zone alarme cet aprem ce csymenbkzj.exe et je l ai supprimer aie aie mais il est revenu j ai vupar contre il y a aussi cela dans zone alarmeC:\WINDOWS\system32\wndzyivom.exe (j ai pas encore analyser je le fais demain)etC:\WINDOWS\system32\csymenbkzj.exe (mais je le trouve pas bordel dans systeme32)je vais me coucher desole, pas moyen de le trouver, j espere vous retrouver demain,merci, vbonne nuit les gars

balltrap34 · Answer

essai avec la killbox il faut a tous prix le virer

Utilisateur anonyme · Answer

ok, t'inquiete, je repasse demain un tout petit peu vers midi et vraiment en fin d'apres midibloque leur l'acces au netbonne route à balltrapa+

Utilisateur anonyme · Answer

dans le bat que tu as dl, fais un clic droit dessus et clic sur modifierif exist %syspath%\csymenbkzj.exe (goto search ) else (goto fin):searchdir %syspath%\csymenbkzj.exe /4 /A /N /-C>result.txt type result.txt | find /i "csymenbkzj.exe">result2.txt dans ces ligne remplace csymenbkzj.exe par wndzyivom.exe (3 en tout)enregistre, relance le bat et vois s'il trouve d'autres fichiers

Utilisateur anonyme · Answer

salut les gars,avec kill box pas trouverj essai chaos shredder !et la cle idemsinon j eteins pas mon ordi, j enleve la prise de tel et je blok l acces au net par zone alarmebonne route balltrap et merci a vous 2 serieux !

balltrap34 · Answer

merci moea++

Utilisateur anonyme · Answer

chaos devrait le trouver, essaye de faire la manip du post 27 pour voir si d'autres fichiers sont trouvésa+

Utilisateur anonyme · Answer

SALUT olivier, pdmalors ce matin qqun a arreter l ordi !je l ai rallumer moi meme, au demarage il a lancer chsdk un truc comme ca, un scan disque si tu vois, il a supprimer 2 fichiers-->recherche ds regedit de csymenbkzj.exe --->NADA-->analyse systeme 32 par antivir --->NADA-->csymenbkzj.exe -->visible dans chaos shredder !!!+csymenbkzj_navps.dat+csymenbkzj-nav.dat+csymenbkzj.dat+msplock32.dllVoila ou j en suis maintenant moe, je fais le poste 27?

Utilisateur anonyme · Answer

re,pour le poste 227, quand je fais clik droit j ai pas modifier, tu peux pas m envoyer un autre bat?a+

Utilisateur anonyme · Answer

par contre , il y a ceci dans zone alarme wndzyivom.exe dans systeme 32 ds le pare feu zone alarmemais introuvable partouta+, c est lié?

Utilisateur anonyme · Answer

salut quentinvoilà un nouveau bat http://get.yourfile.net/wv65546.zipposte aussi un silentrunner

Utilisateur anonyme · Answer

salut moe,pour le bat, la fenetre ne reste pas, elle disparait, prkoi?

Utilisateur anonyme · Answer

chez moi aussi, je verifie ca dessuite

Utilisateur anonyme · Answer

ok merci Olivier

Utilisateur anonyme · Answer

c'est rectifiéhttp://get.yourfile.net/fe65553.zip

Utilisateur anonyme · Answer

merci moeresultatFichier non trouvé !!"Silent Runners.vbs", revision 39, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"RecordNow!" = (empty string)"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]"BackupNotify" = "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [null data]"Acme.PCHButton" = "C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" ["Motive Communications, Inc."]"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]"CamMonitor" = "c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [empty string]"HPHUPD05" = "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [file not found]"HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]"UpdateManager" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]"VTTimer" = "VTTimer.exe" [file not found]"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON"]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]"csymenbkzj" = "c:\windows\system32\csymenbkzj.exe -start" [null data]"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ {++}EXECUTION UNLIKELY: "Registrando Panda ActiveX" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll" [MS]EXECUTION UNLIKELY: "Registrando Panda Almacen" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{19CC43A1-6925-4B48-B292-830291F393A6}" = "HPNSView"  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdns_01.dll" [empty string]"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\RecordNow!\shlext.dll" ["Sonic Solutions"]"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]"{D3581EB7-5E16-4182-9F58-86FA713B42F9}" = "AOL"  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\aolshare\shell\fr\shellext.dll" ["America Online, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]DESKTOP.INI DLL launch in local fixed drive directories:--------------------------------------------------------D:\cmdcons\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\MiniNT\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\PRELOAD\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\I386\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\TOOLS\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\hp\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]Startup items in "Propriétaire" & "All Users" startup folders:--------------------------------------------------------------C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]Enabled Scheduled Tasks:------------------------"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "Vue HP" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "Vue HP" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]Explorer BarsHKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]Dormant Explorer Bars in "View, Explorer Bar" menuHKLM\Software\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ = "Vue HP"Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\"ButtonText" = "AOL Toolbar""MenuText" = "AOL Toolbar"{85D1F590-48F4-11D9-9669-0800200C9A66}\"MenuText" = "Uninstall BitDefender Online Scanner v8""Exec" = "%windir%\bdoscandel.exe" [null data]{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\"ButtonText" = "Real.com"{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 2 linesRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives  took 95 seconds.+ The search for all Registry CLSIDs containing dormant Explorer Bars  took 27 seconds.---------- (total run time: 161 seconds)

Utilisateur anonyme · Answer

pour wndzyivom.exe, je pense qu'il n'y est pas apparement.peut etre que c'est le 1er fichier qui à été telechargé et renommé ensuite.pour les 3 .dat, ouvre les  (si tu peux les voir) avec le bloc note, ca risque rien, ensuite tu recherche si un ou plusieurs nom de fichiers sont mentionnés.poste leurs noms ici.pour silentrunner, toujours la meme ligne dans les runselle ne s'est pas renommé c'est dejà ca.

Utilisateur anonyme · Answer

re moe, j ai ouvert le csymenbkzj.dat, voila: LAX]IO]^]AT\ ^xa=YUTETN LygP3".b~|7:93( /GW PAPT AYP2$>#9A q=9=#>(-fn3$SP3".b~|7:9L ^R\CX]@@AZSVVWIO"?OL q=9=#>(-f[IOXRMWCAQR\O^AOL\^E ^}PJQ#")&`[IO^CUVF^ PA{m"&"+"(0abPTE]WMO:wbR2\UPVM mSWQR_S@EX]G]TW 3WJ@^_B]S659-2!,qzWUUPN>"AE[2^EPF]\E]W CDZNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDY^B_Q L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\D_P@VS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]W C@TNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDY^F\Q L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\D_UBVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VF@_J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]W EDTNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDY^G\QL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\D_T CVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]W AD\NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDY^I_SL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\D^SDVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]WB@XNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX\B]RL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E]Q @VS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]VCGYNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX\B\[L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E]PCVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]VBD\NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX\C\[ L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E]P@VS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]VKGTNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYUAAXP_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX\E\QL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E]V JVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V@GTNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX\G\R L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E]TJVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V CGTNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PC@Y^YM5[CFL%?/ JBLATQ @BUSBRF]KM\WWWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX\H\Q L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E][GVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V @D\NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX]@\UL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RGM^YEQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E\RBVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V AAZNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX]B\PL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E\QFVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]VEEXNN:"`{<3W# b^BW/.WPF= QT_F\XFTVGHB(19"p}}1?SP4,7ss~=7&L\^E ^}PT<@TAQR_SGE_]G_Ze3&#%>*Y}AW$Yq^q $ AESV]_RGM^YEQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E\Q BVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]VKDXNN:"`{<3W# b^BW/.WPF= QT_F\XFTVGHB(19"p}}1?SP4,7ss~=7&L\^E ^}PT<@TAQR_SGE_^@]Ue3&#%>*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX]C\PL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E\PEVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V @@[NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX]D\T L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E\W DVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]VCFYNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX]F\S L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E\UFVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]VAE]NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX]G\[ L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E\[BVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V @EUNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX]I_RL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E_SAVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V ADUNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX^A\[L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E_Q DVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V G@]NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX^C\WL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E_PAVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V B@]NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX^E\SL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E_V BVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V J@XNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX^G\RL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E_[@VS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V BATNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX^I\QL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E^SAVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V@F[NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GDX_A]Z L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\E^R JVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]V DF^NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PC@Y^YM5[CFL%?/ JBLATQ @BUSBRF]KM\WWWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[\A\P L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F]RKVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]UKE_NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[\C\V L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F]P BVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VDF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]UJE]NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[\D\RL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F]WDVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]UEFXNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[\E\RL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F]V BVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]UB@TNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[\H\TL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F]ZAVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]UF@YNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PC@Y^YM5[CFL%?/ JBLATQ @BUSBRF]KM\WWWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[]@_SL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F\RDVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]U BG[NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[]B\R L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F\P BVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]UKEZNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[]E\QL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F\V@VS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]UC@]NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[]F\WL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F\TAVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]UFAZNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCAU]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[]H\Z L#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YB\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F\ZAVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGL\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]U @D\NN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR[T;S]'&!LJMFEBH[B@XFYWC CL XVOEX^AK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCA_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\V WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[^A]ZL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F_R@VS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y659-2!,qzWUUPN>"AE[2^EPF]\E]U KGYNN:"`{<3W+1WP^" $ T^;1%8$=<`TSTE:GP^R LMMR [T;S]'&!LJMFEBH[B@XFYWC CL XVOEXTAK_A M^R T@G\_BK_A _HM[> XEf3978za|*YuTF GA{V9(+feb-& MKdX@ PCB_]YM5[CFL%?/ JBLATQ @BUSBRF]KM\U WWCF_B^RWBP@P]JTU`RG81gvg<="2P_O HT@^AYU@E\P_)"fpp>;.'NQ'ses08"/;MQZ\ V<;OLWn@ PA GD[^C\SL#,>>$-uu ? 3]AG= W*wyf&$2>dC[UOT\YH\Jg[ M6`}HTYADB C ]\ BS ^ CR V[\WOG\^^Q @R VJEBM\Y`9"[Fg5! $ #@`WBTCTWL]_RKC_]AQLvpf36!#3&]us&5/ ?.(PQUTVOV##RM[\W- BDX\F_PCVS;1?-{uH3"^a]%xw: 9TWLB] FH R][_R VGF\J E[P_A_CG_J TJ ^D&fp[!*9%3|V@#R V FHBI\LJMN DBT[B\Rv3 ,.<" y];?(5?]~`61?L ^JGOLW^GIONPSEWOV)#>(AY[ PAtWUUPN>"AUS2 ^ /UX\OV_\@XSCL_^RMJTQ- PAN0,81//}ryR^TV QR#,F3G]FOV_\@XSCL_^RS']F\P_A^ BLB'ses08"/;S_~`61?RLB }|b=:("$S_q~";#)>9C[UPE]NP@B[PNAAS@VM ]F^ PAktaP[SP3".b~|7:9L ^ PT ]_PEA\]OWUUPN)(0N7"! "-wfR QR\QD^ BX]@AOCSRY WUP-(?RB]r}?$""5#7XVOV\_RMWCAQR\O^EOL\^E ^}P[SP_.,a}<1#8/ "b1; <%9&`;0M ]F^ PAktaPJTZ"Q[F&5%*6Uyb<=LB*v05#"5?*vSVVWIO55>A@E_YLB!s|7&$(NQ$`~g"=)L\^E ^hw!VS]LB$`~g"=)RL<6}gs1;8"$?:PQUTVOV4)#O] CFQC!8,dpq=!#8"4]s`=#>)".,gf -M ]F^ PAktaPJ\BB\Qp ;:?5? }d|&&4RL:*|gw '$#>MQZ\ V+1>NNXM %=#:5?0{~|LH"?#=CSRY WUP-(?RS0WCDL Y N["?#=]xw?5'#";&`b{=:M ]F^ PAktaPJ[B@CQ\F\T@QL{t3>">&(1ax} `tw<,SP#.1wt|+TE]WMO:wbLB]\LB0qcw7:4RL!"aeb'6!%3$3PQUTVOV4)#O] \EU[^TU DHB 1>7bdp>=.% S_q~|<1.89"-fhb7TE]WMO:wbLQLq~|<1.89"-fhb7JQ/8",at|1;8"$?:PQUTVOV4)#OL ' ,89"-PQUTVOV##RS mE ?AHA _B1 AH_ MWIWN[ 9$,7{~|LH9%=(8.aSVVWIO55>A ?,'pp|6TE]WMO:wbLEQC2?,sup3:)RL>3wtvR^TV QR4&aP_>3wtvLHB/? 3gew JQ#")&`n3$SP??'wcPNA]Q \EmPNBOCDT@MOR@XUNP@B_PNRM@X] MOSF^/\EW PN@OC@D\/ VTPDOLFnFQR]AR] 2[BFOV, 1 ]ZEFNBCMATQAWFSC LPX\ BR\A MWIW-EA\\O "5?-=Sn88;{HB<""3wcf++=9$Sn88;{H=>?=&`ek-$88P_TP7 \T@RSn88;{}Q<1?"m%=#(?:0mu{ +1UT\( W_F\ LB3scs?J`fydjb ;=)"9:mag&J`fyd_~`61?R}gj; } 0(>P ALXNP_A]/PT [_PEA\\OR FHPDOLQnQ ^R Un_QR]ACW ^ R FPT <[UP@OLWCm MOQBF\YAXV/BTPDOL\E@+^p~>VMmSWQROCVPF+PA?x}deL &fy}6T ^bQO]?;;{}dP ,1s|DC_]BX_as 5 R}gj;8;N$,>1 ] CFXP_="`pLygeyd_|w&<"(N`i;8];?(5?]?;;N[">4(1m|s"JQ 1>7mw{ '93"(%`ta:J\]B^WJLQC<,0fnt;&>8/?&tcw!1)+5)<pbLH">4(1XVOV_]B^AUS2 ^LH">4(1XVOV_^F^AUS2 ^LH">4(1XVOV_^H^AUS2 ^LH">4(1XVOV__@^AUS2 ^LH">4(1XVOV__B^AUS2 ^LH">4(1XVOV__DYAUS2 ^LH">4(1XVOV__HYAUS2 ^LH">4(1XVOV_X@^AUS2 ^LH">4(1XVOV_XB^AUS2 ^LH">4(1XVOV_YB^A=&))"M V@A_XRB]~`61?L ^DGOCNQ,`uw TMOQP[SP??'wcPNBXW / VP[SP??'wcPNBX[LH">4(1XVOV_YFYAUS2 ^LHB-3&-}f~70*)42.saN15/5=7{~|-9,<_S_apm659-N`i;862$ 5!*ae~(! 9:?;]0+%<(/{bfLygeyQ'dp~'1!%#9]?;{ CsRQazQLvgs>!( 9>7<8{}Q(;(:~xa&J`f/%qEC/AH]SAG[AI)W 1CT[1(%qs7 `fLB'ytk>=>8N`i;86 4<5Sn8?xHB($43w?x}dP4.,gf =(?N`is}~~QC4.,gf =(?N`i;86$?#$( f?xE`fLB'bc}&1.8N`i;85+&"N`i<8N[*3;#]?;;{H*3;;]?;~QC72(d?x}dP72%<8@ygP_*/5+1wbz-2,%<('me}-'8%3$'w?xFX\}g_p-2$>#9<`tt 1>$/+"{}w6+9#/>6{r{61Sazdjp-'(/?#'mcw4&(?8Sn8?xHB"220wr}<02>5+1wbzLygeyQ1gm=&))"2'w}s+J`fA_S?;]&8"/"1vt`-0( 14]?;;{H>)3"-vn`72?)#%)3"-vn`72?)#%>7s}~Lyg;9#?ft"(`fLB3sez-=#?$,/~?x}dP1.(|~e>1)+5Sn8~y~QC1.(|~e>1)+5Sn88;N=#?$,/~u{ J`f FC[ygP_$-aes>8)%"Sn88;N',3%?/<8KGMQ^_~QC#,ìhaõçùèˆƒŒÅr¬qŠÉ>g?”_z–©½q²»®ŸÏÔ Æ?gˆá½#âB?Ïˆˆeæ€›úÌ~4›30Î£é3#ýrfH5F’0Ý®K:Nv’–ï:C.0gÊ•uT|Nyˆþ½þÃO6¹É’ê3ÎÕ4_š<}H…Å?Y$‹œØ2QÞ? Ù±"Th»©ÿ7áá²Ÿ¢LË-€…¥ÓšêçWÄOøúÈH¤.Ä"Ï‘¼k]^˜ÜX˜²PÄ( êÞ£Í;zu[ƒÀ{’Û£ˆÃúî0ÜbÌtp¿!¸#=ÄL”4Ë·˜µœ—¶«3Ò´ž”lSAT^÷$ùâÝ@WWTq’æ«'œõÑHÁy•†ÊXýg¶tº¹®s¡Sˆ±É7¥]íƒ°9Ô,j„ÔÖü{j ¼¿›Õµ}°?q¹I/) 3,»#Z!ÄÔ)¡îþ×`R S–¯b ww¿ÿOCù¹ÚŸ¾ ýŒ7p¯‡¾¨} Úz›±Õ!5Û‡MÕN¦xC¼ÂNAÓeäA§~ Ýµ€ØKt?ï1Ôƒê¶Bÿ8WU!AÝrÔå«µ`ÿ„QdÏ’uÌ”,—DmShµ· ‘U9Bv´æöêÑ¤†#¨í²þÉž7EV@õWƒû´žE%ÜcÏEv8Ö/©`œºzÁ kº)$‰¡h 7oqþDÏ5„Â ×tŽ~U.ç«=gÔå}å#£gZd˜âL[¢.¦d^Ó?&_1›dßÌìåñáâiî””2Hå„ééÝr,Q_ÖúGl˜¢æ×kpE(-w¤d†Ó.zŸ3¹Xño óÕ&ML:òÉëÜ¥¤KrûhwAŸ^ž/"§††fXm>a™E•†~´ú@{åÞÚDoVLuú£u˜|è|m©‡®{×@“–#2|kx FAãE|É¸yÁkO `š]Q‘y½°:H!r-}µt>u@ûIMeaD;l'¨5%4©?[paÅÎ+.Ð˜ wH¶ì!°’ø_àJ±—j¬t>Wƒ iÕLZ‹EyBv£š×ç…îÂ]Nq}V[üûñ©3çÇ<kò 7†le Eºà§UŠ&¦H€*}Ãm<µ|ŸhÈàà6ÇA8ç{(~úu"F©ÄÉ3N‘|ðQ±¬ü}üß¶ÇÊT®ËF,®o‡æÍZôð´¹ëC{‚Cd°ÆF/{:ôàÙM‰g„ìeîþð§Çàæ')Ë3|\bYiA@sšZ§ä’Šm?µ…ƒuüŽ…>gëx·°âÈKèšWGQåâÿ‰h-ÀÕáÈA†o…ëRÍB0K ãrBÚ7&pKmîŸÞVnW–*Ê¦T5.tÕcArF"D$!–¥FbÈC4‚®ùs$8mØkãýçL…o*dVe™9cÉÃmË&CwQ8eŠB½²Tó·aË|´ã.Ï cô’¬-MÖÄJ4‹úõ…«„®ª†Q<Ú› X.Fa`0ý{}_VüA¿¿\®Eƒ¡ä½÷ÑUÛµiÐ”•ÊÞô™Î„hãŸ|ØÕŽ Wwô=Íìê+íU>Ð²Â?‚A‘ð§Ð‡ákÝºÑpØìA„¬ ë)Áf!ÕŽ@‰—ßi°†TX4SUO §0iê¾òlÑ â_¬Úv]P&_*cbÙ±lJã(¦XIT$GvÐö!FÝ|0&ºÀÃÚ¦+þL-IŸx6Ôá€öDï#Ù¡W&"8ßø0ýÐ©œìCí H¸iÔy¿l*T9ÂH\®˜+ï'—;²h¥^ô”Ïö³b›¼D£•µg#œ2G¾,ÙEâÚ<)mâIÈhôlúãÃ³ÿ¯»Ô«$>¥)!#Æ?¢n“=”RÞÊŠD²ÏUÑpö* $x½†cüÝ-P IöÅZeUèDˆœûFâ´¸È¨¶šo¼q¶ke e;Òo kŽm!uTÿìäJý§@ÀmKoÀõ€ªàŽÜ0·^Ó†*ï\ÕWäØi}–“âð¡ËcÑå 6ñFÑ`c.ãP Bý=@4Þ8¢²ji«)6$d)VfÔÝ·àK±¡2iSsÝ‘i !n¡†)×ïfñms“Ž+Û t!ýb¥ÕE»ýB¡êk µdº€ ZŸ§6OsÆ08ýT¡óÑ©¤Î ìRMOè½è]Þ` þ[²Tžk¿¸â~Ç¸°T9Ý¢Ty°à«Kª´×[ìöUvÁ7bdæýÝCõÀá´ë²ÁÑ¡Q Ÿ@ÃÎ˜ó=‚ÙËçM´!âËiéªˆtá>c•)ßcTk‹`Õ&mŽu8¯BcÀ•ryû–N·ExTyU¶T=K>kª³ÏUM¹ÿmªj±K9žà]DbÅìc¡JóH³ŠaPtÃ.+“è a¾¤¢«Aduë÷Âøß8åe\–-Uî´Quª‘_=žh¤¥?ï®û:å.ûKVÞø4mlPH,74‹Jû`ý²/S®L-jrÆaj˜,œãÕô`2<©²¾@8$åêíXÔÔÍëkró¹¿\>Øpœ+ê+á¤cù]`2ü®G^'züÛWÜª3=ÛýT «å"…'ÂPo ËbcAG3ˆcÔôç”ÿ FãQìT³muÐÿ ¡:MIØMHÌKìêÍz¶vHÛFØåø}Gü#žÛ "«6»5ø™/’íÌ÷Žw‘~x÷Š†mâÄ‹~ŸH “ùˆüÖQ²û-†,þ¬¶ºK„¹íø˜›ÿ»k·J¦à/|Ä}Âa#‹ð/~¦FzÃ´{F2k¤>‘{Ø[C¥ùo Ü?„×m§/. ¥›R“ìË$QSàqênäê ëpC”vZõC£mIºà*dØèµ _ú ‡^…ž3>c v‘öÔtTÑ?äÏ¬¯½MáKþü³Ê7Ã;›{K»Õä>s;²T«>{åVÕ>Ð÷ëØ•\®Ç˜‹,¿Gý<3eùøÙUÅÅ—ÏÉÖ ”žTŠss |MU½ŸàmB Y'—ð@‰[7·°AòuÉ¿à0ŸH%9‡1_ÿóºÉ¿ôÔËµŸÁXHÈY&#/Ê¡{vmŒ³û¢Â.ÓÜ—ÊeõTæ!ž¦&ûJc¬_íÑô7òŽM¤ß4rþ÷"ÙOfâ)Õ¬S“ÕVÜIÍ:Zq¨µ‡p&L}é1âh†û€å[ÿ©æé‚-NFèÏà}amüðÌà‚-íAŸ g„öø¤ŸUñoÃ8ò¸~ò“/¢×Ë^ƒ"â€ My_;wÏâîBE$ÖwñX`§Ð…jdÈÀ½©Ç9«xO¾B\-XÍwM^iÊ=Î¸N5†˜cŸÐÿJšáß¼_Áw»†@ÔXªpÚ‰S± ¨Ó¡rãV°>æónëØ9ð¹Ñw9¾Ü£ë?3¿ÝÔ:ÖLøù‰ùµ]de™„þR¸« geÚ=t¸ÔU\€" O^ÆóRÑž¼’Ìÿ9Ò‰4GR-sÂ'Ã:«Ö„¯n™Ë†Êgš&¹OµU?¢S&kO»Á¹“þŒg!ži™M×¨…¡R¿‡Ÿ>”§LvB¶UÔvù¡çšJA[rS¾òä0à HìæBu‘“\Ò>zªó•—áÆ«·î†ºÂ˜ÿÛƒëW´"ñCRœFs`Ä¬ñ•2¢ôö~ó®¹õdäÀFŸHþÌ9yè›¨Õ†Ž|æ}j‰ŒŽdãèƒR`O÷ÈÈšƒ-Xš30—ã „ÔT…h0§û¥«¢‰¾IîgÐéýÆŸpg._œ¹´ÆsÒî˜›’›S’“ªŠœœó•þY—\éR’÷âž—˜üJ“¯o’nŸ€üïŸ›†ˆâs²î˜±æ3“‰“²›~ˆrSŽÂ^™ÎMä“kÊ”^‡oŸŠÒlŒÊî˜¡U£RŸˆ™¨K…8™†Kš4Nu.h/‘Ü©ÑP¶ ŽÊ/ ›°×–È)œ×’=ËK†£ægž|Ê†X8{¡âÌ["Æÿœ<³îàz†¥r”|ÿÂv§µn‘_ù\`Wë+ÊÜ•ÓQäO‰Ÿ—QèûÜVÙ æµ…%'Œ‹wn~âÚër¦¢¥d~P¦GÃ¡vOïÀïYå LV€ãÇÃ nEVFK¸„:ï®±ÕîÒÜÝ²)[¡Uœbÿ–Öæ10í©X0¶2åÀœS-"|”ƒí™l°ÄHð94€æx,«3jZ(Ê—â«Ðê`{ƒ¥Š²RÊ:BÆNù)îf9Ÿìçäòy‡‡ ™‹JPò õrïK<û"-Àlêµ÷S‡ÉµÔK…vETð½ËcunîôkÌ,&×'t÷ø]ÜýsþÌ…<É!&Ë+©-G-Xæ&ïHàå]¡€Dâæ oB_ÅÈ¥[têàC$q÷o?þ‡t=>Gý©Ý2ÆsžVòðñ—Qºàøñªÿ¯Ê¶meä¥C•æáË|^{¡ïw1n]A 7¾ÉÊ Þ;ºšcT|êÏG:<ŠMTf¦£iŸ¼í4Ë°§$ÆR¬à!ÒŸ8ÝO'AæÇÀ~ó ý!Ý‰ýYÏ·…R8ý†dS¶ºìîà-`3·y§ú£Cì2yË÷‰ X !!oä4P,ˆ«C}Íó!I[Tx3š:ÃTÔ»ñÊ¹j&-`ÿ&ãæH’ÄÞ Ï¥‰aêæ‡Bw¦UtøAÛß0ùäN•áFö'ûr¼¸þØû³¿< [¬ªË¼§]- ÍWÏ/1êXP@¤±m¥þž_<§#Wùß•?¤5Q¼sæ•W¡ý ›Tðãf+íÓ¢½#íÐ+E·a-r¥Lw®U§nËh…œ-uò·H:¬ŒnÂ&¥`ïc£þ3Rþ¾xuÚÕlàêÎ¬#(ZÈ1OPL=k_ê5T•UÌI€3X'K3Xû*üyÑ©m4çW†)V¿×z®Õ®´é÷tº_Õ?ìLi×s#ÒÉxDAç ©ÿmÑêú•¶-.åšxõ¥@?€æT'SêNën´!ækÐsîü³Ó=øž»DÔòf…—md,¾}ìdŒfû Þ{:‰œônþR Â†w§9~È#Qzèuó1.o÷‰ˆ8Œèä1±xÍðÈ«ÉÒ„V=ßÝþqÎW$ NA¼XâAUÒ:PÒíù(ÔÀYî¹x°ëèR½¹±£§‘º:Z*°Û¹÷:ö~ëÞ¤éMGúÂU‹ö”PeàJ¶Ÿ‹™+—áaO–¢

Utilisateur anonyme · Answer

rien d'exploitable pour moi..va falloir virer tout ca maintenantcopie et colle dans le bloc note et enregistre en .reg, donne le nom que tu veuxREGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"csymenbkzj"=-en mode sans echecs, passe le reg et supprime:(avec chaos s'il faut)msplock32.dll csymenbkzj.exe csymenbkzj_navps.dat csymenbkzj-nav.dat csymenbkzj.dat redemarre, reposte un silentrunnersupprime leur references dans zone alarmverifie si aucun n'est reapparu et fais un scan chez pandaa+

Utilisateur anonyme · Answer

verifie avec chaos, si celui ci existe dans system32:msclock32.dllje l'ai pas mentionné, mais vide les temp sur tout tes comptes.au fait, on peut faire un scan av complet chez kaspersky maintenanthttp://webscanner.kaspersky.fr/

Utilisateur anonyme · Answer

re,celui ci existe que avec chaosmsclock32.dll bon je passe les rega+

Utilisateur anonyme · Answer

re,pour le fichier j arrive pas a le mettre en .reg, why?je copie/colle, ensuite je fais enregistrer, je met un nom de fichier mais le type je peux mettre que *txt ou tous les fichiers,je fais mal?

Utilisateur anonyme · Answer

type doit etre sur tout les fichiersdans nom, met regis.reg  (avec l'extention reg)quand tu colle dans le bloc notes, REGEDIT4 doit etre sur la premiere ligne (pas de ligne vide au dessus)

Utilisateur anonyme · Answer

oupsssalut mona ;-)

Utilisateur anonyme · Answer

re olivier, coucou ma mona cheriealors j ai passer le regj ai supprimermsplock32.dll csymenbkzj.exe csymenbkzj_navps.dat csymenbkzj-nav.dat csymenbkzj.dat j ai enlever ds zone alarme la reference existanteDans chaos,msplock32.dll csymenbkzj.exe csymenbkzj_navps.dat csymenbkzj-nav.dat csymenbkzj.dat Ils n apparaissent plus !Par contre msclock32.dll y estle silent:"Silent Runners.vbs", revision 39, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"RecordNow!" = (empty string)"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]"BackupNotify" = "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [null data]"Acme.PCHButton" = "C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" ["Motive Communications, Inc."]"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]"CamMonitor" = "c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [empty string]"HPHUPD05" = "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [file not found]"HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]"UpdateManager" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]"VTTimer" = "VTTimer.exe" [file not found]"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON"]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ {++}EXECUTION UNLIKELY: "Registrando Panda ActiveX" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll" [MS]EXECUTION UNLIKELY: "Registrando Panda Almacen" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{19CC43A1-6925-4B48-B292-830291F393A6}" = "HPNSView"  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdns_01.dll" [empty string]"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\RecordNow!\shlext.dll" ["Sonic Solutions"]"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]"{D3581EB7-5E16-4182-9F58-86FA713B42F9}" = "AOL"  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\aolshare\shell\fr\shellext.dll" ["America Online, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]DESKTOP.INI DLL launch in local fixed drive directories:--------------------------------------------------------D:\cmdcons\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\MiniNT\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\PRELOAD\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\I386\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\TOOLS\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]D:\hp\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]Startup items in "Propriétaire" & "All Users" startup folders:--------------------------------------------------------------C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]Enabled Scheduled Tasks:------------------------"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "Vue HP" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "Vue HP" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]Explorer BarsHKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]Dormant Explorer Bars in "View, Explorer Bar" menuHKLM\Software\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ = "Vue HP"Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\"ButtonText" = "AOL Toolbar""MenuText" = "AOL Toolbar"{85D1F590-48F4-11D9-9669-0800200C9A66}\"MenuText" = "Uninstall BitDefender Online Scanner v8""Exec" = "%windir%\bdoscandel.exe" [null data]{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\"ButtonText" = "Real.com"{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 2 linesRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives  took 164 seconds.+ The search for all Registry CLSIDs containing dormant Explorer Bars  took 18 seconds.---------- (total run time: 220 seconds)

Utilisateur anonyme · Answer

verifie si tu as cette entré dans le registre:HKEY_CURRENT_USER\SOFTWARE\MCsilentrunners est oktelecharge Registry Search Toolhttp://www.billsway.com/vbspage/vbsfiles/RegSrch.ziplance le et dans la boite de dialogue tapemsclock32poste le résultattu as essayé de supprimer msclock32 et il est reapparu apres redemarrage c'est ca ?

Utilisateur anonyme · Answer

re,cela je n ai pasHKEY_CURRENT_USER\SOFTWARE\MC pour msclock32 je n ai pas essayer de le supprimer encore non ! j ai rien fait a celui laje fais Registry Search Tool ?PS: la souris galere encore GRRR

Utilisateur anonyme · Answer

oui fait le et poste le resultat

Utilisateur anonyme · Answer

re,no instances of msclock32 foundbon appetit moe

Utilisateur anonyme · Answer

okvire msplock32.dll regarde dans program files si tu ne vois pas de dossier suspectet fais un scan en ligne, chez panda ou kasperskyad'taleur

Utilisateur anonyme · Answer

Moe,msplock32.dll a disparu ! sniff il est ou ce con?

Utilisateur anonyme · Answer

tu le trouve plus ?meme avec chaos ?

Utilisateur anonyme · Answer

meme avec chaos, je le trouve plus !Bizarre ...

Utilisateur anonyme · Answer

il était là apres nettoyage et reboot ou pendant ?

Utilisateur anonyme · Answer

il etait apres que j ai ete en mode sans echec et supprimer les fichiers .dat, j ai regarder lorsque je suis revenu en normal !ensuite ona passer le Registry Search Tool et apres plus la

Utilisateur anonyme · Answer

tu as éteind le pc depuis ?

Utilisateur anonyme · Answer

Non, juste deconnecter du net, debrancher la prise telephonique et bloker l acces du net avec zone alarme

Utilisateur anonyme · Answer

ils reapparraissent toujours dans za ?fais le scan en ligne pour vérif

Utilisateur anonyme · Answer

re,dans zone alarme plus rien !le scan je le ferais demain je vais bientot dormir demain boulotjte remercie moe, gracias !!je peux eteindre l ordi sans bleme?a+

Utilisateur anonyme · Answer

re moe,j avais tout fermer et avant de partir me coucher cette affaire la me turlupiner, alors j ai re regarder ds chaos shredder et je l ai trouver, je vais le supprimer, voila pour l info ;-)(je suis revenu expres te dire cela lol)Merci moe, demain je fais un scandouce nuit et bonne nuit a tous le forummmmmmmmmmm[extinction des feux]

Utilisateur anonyme · Answer

ok, soit sans pitié !!à demaina+

Utilisateur anonyme · Answer

salut moe,je l ai virer, ce st pas revenupour celui j ai virer hier, chaos shredder a eu du mal j ai du l arreter avec ctlr+alt+supp, mais je le vois plusma souris deconne encore, une idee?a+

balltrap34 · Answer

salut regis et moe je vois que c est toujours pas regler ton truc lolta souris est une sans fil?

Utilisateur anonyme · Answer

salut balltrapj ai cocher aussi la case de desactivation de prise de controle du pc a distance (un ami informaticien m a suggerer cela)sinon , non c est un fil !j essayerais de la changer peut etre que c est materiela+ merci

Utilisateur anonyme · Answer

balltrap tu peux prendre mes postes stp?

balltrap34 · Answer

je vais essayer dans prendre oki

S!Ri · Answer

Salut Tu peux télécharger ca:http://siri.urz.free.fr/Softs/TaskBot.exeClick sur le bouton Rapport (Disquette) et colle le rapport ici.Essaye un scan avec ca aussi:http://www.sysinternals.com/Files/RootkitRevealer.zipa+

Utilisateur anonyme · Answer

salut sirie,cest bien ceci que tu veux?TaskBot LogFile v0.96.3Log du 10/08/2005 à 20:59:03Windows XP Service Pack 2 (5.1.2600)Internet Explorer v6.0.2900.2180Processus exécutés au démarrage avec le registre:-------------------------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run[RecordNow!] = [NVIEW] = rundll32.exe nview.dll,nViewLoadHook[BackupNotify] = c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe[Acme.PCHButton] = C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe[MSMSGS] = "C:\Program Files\Messenger\msmsgs.exe" /backgroundHKLM\Software\Microsoft\Windows\CurrentVersion\Run[hpsysdrv] = c:\windows\system\hpsysdrv.exe[HotKeysCmds] = C:\WINDOWS\System32\hkcmd.exe[CamMonitor] = c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe[HPHUPD05] = c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe[HPHmon05] = C:\WINDOWS\System32\hphmon05.exe[KBD] = C:\HP\KBD\KBD.EXE[UpdateManager] = "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r[Recguard] = C:\WINDOWS\SMINST\RECGUARD.EXE[NvCplDaemon] = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup[nwiz] = nwiz.exe /installquiet /keeploaded /nodetect[VTTimer] = VTTimer.exe[ATIModeChange] = Ati2mdxx.exe[PS2] = C:\WINDOWS\system32\ps2.exe[ATIPTA] = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[Microsoft Works Update Detection] = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[RealTray] = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER[AOLSAV] = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe[AOLDialer] = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe[SpeedTouch USB Diagnostics] = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon[QuickTime Task] = "C:\Program Files\QuickTime\qttask.exe" -atboottime[AOL Spyware Protection] = "C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"[AVGCtrl] = "C:\Program Files\AVPersonal\AVGNT.EXE" /min[Zone Labs Client] = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[msnappau] = "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"Hosts:------C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1       localhost127.0.0.1	1ad2srvr-cpt-v1.com127.0.0.1	www.1ad2srvr-cpt-v1.com127.0.0.1	207-182-237-233.visionaire-us.com127.0.0.1	www.207-182-237-233.visionaire-us.com127.0.0.1	3721.com127.0.0.1	www.3721.com127.0.0.1	680180.net127.0.0.1	www.680180.net127.0.0.1	7search.com127.0.0.1	www.7search.com127.0.0.1	Ad.doubleclick.net127.0.0.1	www.Ad.doubleclick.net127.0.0.1	Adserv.internetfuel.com127.0.0.1	www.Adserv.internetfuel.com127.0.0.1	Akapp.whenu.com127.0.0.1	www.Akapp.whenu.com127.0.0.1	App.whenu.com127.0.0.1	www.App.whenu.com127.0.0.1	Banserv.internetfuel.com127.0.0.1	www.Banserv.internetfuel.com127.0.0.1	Bidtxt.whenu.com127.0.0.1	www.Bidtxt.whenu.com127.0.0.1	Corr.conscorr.com127.0.0.1	www.Corr.conscorr.com127.0.0.1	Dclcorp.rpts.net127.0.0.1	www.Dclcorp.rpts.net127.0.0.1	Drk.localnrd.com127.0.0.1	www.Drk.localnrd.com127.0.0.1	Homecgocable.net127.0.0.1	www.Homecgocable.net127.0.0.1	Netbroadcast.com127.0.0.1	www.Netbroadcast.com127.0.0.1	Smartpops.com127.0.0.1	www.Smartpops.com127.0.0.1	Spapp.whenu.com127.0.0.1	www.Spapp.whenu.com127.0.0.1	Xxxtoolbar.com127.0.0.1	www.Xxxtoolbar.com127.0.0.1	abetterinternet.com127.0.0.1	www.abetterinternet.com127.0.0.1	active-alert-server.com127.0.0.1	www.active-alert-server.com127.0.0.1	active-max.com127.0.0.1	www.active-max.com127.0.0.1	addictivetechnologies.net127.0.0.1	www.addictivetechnologies.net127.0.0.1	address.3721.com127.0.0.1	www.address.3721.com127.0.0.1	adopt.hotbar.com127.0.0.1	www.adopt.hotbar.com127.0.0.1	adpopper.outblaze.com127.0.0.1	www.adpopper.outblaze.com127.0.0.1	adroar.com127.0.0.1	www.adroar.com127.0.0.1	ads.adroar.com127.0.0.1	www.ads.adroar.com127.0.0.1	ads.adtomi.com127.0.0.1	www.ads.adtomi.com127.0.0.1	ads.centralmedia.ws127.0.0.1	www.ads.centralmedia.ws127.0.0.1	ads.hotbar.com127.0.0.1	www.ads.hotbar.com127.0.0.1	ads.internet-optimizer.com127.0.0.1	www.ads.internet-optimizer.com127.0.0.1	ads.offeroptimizer.com127.0.0.1	www.ads.offeroptimizer.com127.0.0.1	ads.vx2.cc127.0.0.1	www.ads.vx2.cc127.0.0.1	ads3.virtumundo.com127.0.0.1	www.ads3.virtumundo.com127.0.0.1	ads4.virtumundo.com127.0.0.1	www.ads4.virtumundo.com127.0.0.1	adserv1.ebates.com127.0.0.1	www.adserv1.ebates.com127.0.0.1	adtactics.com127.0.0.1	www.adtactics.com127.0.0.1	adtracker.411web.com127.0.0.1	www.adtracker.411web.com127.0.0.1	advertisingagent.com127.0.0.1	www.advertisingagent.com127.0.0.1	agent.3721.com127.0.0.1	www.agent.3721.com127.0.0.1	ajokeaday.com127.0.0.1	www.ajokeaday.com127.0.0.1	ak.imgfarm.com127.0.0.1	www.ak.imgfarm.com127.0.0.1	akapp.whenu.com127.0.0.1	www.akapp.whenu.com127.0.0.1	akweb.whenu.com127.0.0.1	www.akweb.whenu.com127.0.0.1	allaboutsearching.com127.0.0.1	www.allaboutsearching.com127.0.0.1	almightysearch.com127.0.0.1	www.almightysearch.com127.0.0.1	alpha.searchassistant.net127.0.0.1	www.alpha.searchassistant.net127.0.0.1	altnet.com127.0.0.1	www.altnet.com127.0.0.1	amazingautossearch.com127.0.0.1	www.amazingautossearch.com127.0.0.1	amnv.net127.0.0.1	www.amnv.net127.0.0.1	ao.lop.com127.0.0.1	www.ao.lop.com127.0.0.1	app.desktop.ak-networks.com127.0.0.1	www.app.desktop.ak-networks.com127.0.0.1	app.ezula.com127.0.0.1	www.app.ezula.com127.0.0.1	app.whenu.com127.0.0.1	www.app.whenu.com127.0.0.1	app.whenu.speedera.net127.0.0.1	www.app.whenu.speedera.net127.0.0.1	assistant.3721.com127.0.0.1	www.assistant.3721.com127.0.0.1	avenuemedia.com127.0.0.1	www.avenuemedia.com127.0.0.1	ayb.lop.com127.0.0.1	www.ayb.lop.com127.0.0.1	b3d.com127.0.0.1	www.b3d.com127.0.0.1	badsol.bianas.com127.0.0.1	www.badsol.bianas.com127.0.0.1	badurl.grandstreetinteractive.com127.0.0.1	www.badurl.grandstreetinteractive.com127.0.0.1	badurl.ieplugin.com127.0.0.1	www.badurl.ieplugin.com127.0.0.1	bannerserver.gator.com127.0.0.1	www.bannerserver.gator.com127.0.0.1	bannersxchange.com127.0.0.1	www.bannersxchange.com127.0.0.1	bannerx.adtactics.com127.0.0.1	www.bannerx.adtactics.com127.0.0.1	bar.mywebsearch.com127.0.0.1	www.bar.mywebsearch.com127.0.0.1	bc2.gator.com127.0.0.1	www.bc2.gator.com127.0.0.1	bde3d.com127.0.0.1	www.bde3d.com127.0.0.1	belt.abetterinternet.com127.0.0.1	www.belt.abetterinternet.com127.0.0.1	beta.searchassistant.net127.0.0.1	www.beta.searchassistant.net127.0.0.1	bg.gator.com127.0.0.1	www.bg.gator.com127.0.0.1	bg2.gator.com127.0.0.1	www.bg2.gator.com127.0.0.1	bi.gator.com127.0.0.1	www.bi.gator.com127.0.0.1	bidtxt.whenu.com127.0.0.1	www.bidtxt.whenu.com127.0.0.1	bigbrother.gigatechsoftware.com127.0.0.1	www.bigbrother.gigatechsoftware.com127.0.0.1	bins.lop.com127.0.0.1	www.bins.lop.com127.0.0.1	bis.180solutions.com127.0.0.1	www.bis.180solutions.com127.0.0.1	bluehavenmedia.com127.0.0.1	www.bluehavenmedia.com127.0.0.1	brilliantdigital.com127.0.0.1	www.brilliantdigital.com127.0.0.1	browserwise.com127.0.0.1	www.browserwise.com127.0.0.1	bundleware.com127.0.0.1	www.bundleware.com127.0.0.1	c.abetterinternet.com127.0.0.1	www.c.abetterinternet.com127.0.0.1	c.centralmedia.ws127.0.0.1	www.c.centralmedia.ws127.0.0.1	c.pornograph.com127.0.0.1	www.c.pornograph.com127.0.0.1	c4.iwon.com127.0.0.1	www.c4.iwon.com127.0.0.1	c4.maxserving.com127.0.0.1	www.c4.maxserving.com127.0.0.1	c4.mysearch.com127.0.0.1	www.c4.mysearch.com127.0.0.1	cadsol.bianas.com127.0.0.1	www.cadsol.bianas.com127.0.0.1	casinobuilder.i-lookup.com127.0.0.1	www.casinobuilder.i-lookup.com127.0.0.1	cassandra.searchassistant.net127.0.0.1	www.cassandra.searchassistant.net127.0.0.1	cc.iwon.com127.0.0.1	www.cc.iwon.com127.0.0.1	cdn.climaxbucks.com127.0.0.1	www.cdn.climaxbucks.com127.0.0.1	cdn.movies-etc.com127.0.0.1	www.cdn.movies-etc.com127.0.0.1	centralmedia.ws127.0.0.1	www.centralmedia.ws127.0.0.1	cfg.mysearch.com127.0.0.1	www.cfg.mysearch.com127.0.0.1	cfg.mywebsearch.com127.0.0.1	www.cfg.mywebsearch.com127.0.0.1	checkin.clickalchemy.com127.0.0.1	www.checkin.clickalchemy.com127.0.0.1	chromium.whenu.com127.0.0.1	www.chromium.whenu.com127.0.0.1	cjt1.net127.0.0.1	www.cjt1.net127.0.0.1	cleangetaway.biz127.0.0.1	www.cleangetaway.biz127.0.0.1	click2findnow.com127.0.0.1	www.click2findnow.com127.0.0.1	clickalchemy.com127.0.0.1	www.clickalchemy.com127.0.0.1	climaxbucks.com127.0.0.1	www.climaxbucks.com127.0.0.1	cns.3721.com127.0.0.1	www.cns.3721.com127.0.0.1	cnsmin.3721.com127.0.0.1	www.cnsmin.3721.com127.0.0.1	cocktailcash.com127.0.0.1	www.cocktailcash.com127.0.0.1	code.ignphrases.com127.0.0.1	www.code.ignphrases.com127.0.0.1	config.grandstreetinteractive.com127.0.0.1	www.config.grandstreetinteractive.com127.0.0.1	content.dashbar.com127.0.0.1	www.content.dashbar.com127.0.0.1	contexualsearch.com127.0.0.1	www.contexualsearch.com127.0.0.1	corp.3721.com127.0.0.1	www.corp.3721.com127.0.0.1	coupons.gator.com127.0.0.1	www.coupons.gator.com127.0.0.1	cr.stop-popup-ads-now.com127.0.0.1	www.cr.stop-popup-ads-now.com127.0.0.1	crap2.com127.0.0.1	www.crap2.com127.0.0.1	crossroad.trekdata.com127.0.0.1	www.crossroad.trekdata.com127.0.0.1	cs.hotbar.com127.0.0.1	www.cs.hotbar.com127.0.0.1	ct.cydoor.com127.0.0.1	www.ct.cydoor.com127.0.0.1	ctl.twain-tech.com127.0.0.1	www.ctl.twain-tech.com127.0.0.1	cust.bezeqint.net127.0.0.1	www.cust.bezeqint.net127.0.0.1	daptest.speedbit.com127.0.0.1	www.daptest.speedbit.com127.0.0.1	datastorm.biz127.0.0.1	www.datastorm.biz127.0.0.1	delta.adroar.com127.0.0.1	www.delta.adroar.com127.0.0.1	dir.3721.com127.0.0.1	www.dir.3721.com127.0.0.1	direct.simpletraffic.com127.0.0.1	www.direct.simpletraffic.com127.0.0.1	docs1.iwon.com127.0.0.1	www.docs1.iwon.com127.0.0.1	domain.i-lookup.com127.0.0.1	www.domain.i-lookup.com127.0.0.1	download.3721.com127.0.0.1	www.download.3721.com127.0.0.1	download.abetterinternet.com127.0.0.1	www.download.abetterinternet.com127.0.0.1	download.bonzi.com127.0.0.1	www.download.bonzi.com127.0.0.1	download.bulletproofsoft.com127.0.0.1	www.download.bulletproofsoft.com127.0.0.1	download.feiyang.com127.0.0.1	www.download.feiyang.com127.0.0.1	download.gigatechsoftware.com127.0.0.1	www.download.gigatechsoftware.com127.0.0.1	download.ipinsight.net127.0.0.1	www.download.ipinsight.net127.0.0.1	download.vx2.cc127.0.0.1	www.download.vx2.cc127.0.0.1	download.whenu.com127.0.0.1	www.download.whenu.com127.0.0.1	download2.abetterinternet.com127.0.0.1	www.download2.abetterinternet.com127.0.0.1	dyn.virtumundo.com127.0.0.1	www.dyn.virtumundo.com127.0.0.1	dynamic.hotbar.com127.0.0.1	www.dynamic.hotbar.com127.0.0.1	dynmenu.hotbar.com127.0.0.1	www.dynmenu.hotbar.com127.0.0.1	ecpm.com127.0.0.1	www.ecpm.com127.0.0.1	efc.iwon.com127.0.0.1	www.efc.iwon.com127.0.0.1	epsilon.searchassistant.net127.0.0.1	www.epsilon.searchassistant.net127.0.0.1	express.3721.com127.0.0.1	www.express.3721.com127.0.0.1	ez-searching.com127.0.0.1	www.ez-searching.com127.0.0.1	ezula.com127.0.0.1	www.ezula.com127.0.0.1	find-quick.com127.0.0.1	www.find-quick.com127.0.0.1	findology.mail.everyone.net127.0.0.1	www.findology.mail.everyone.net127.0.0.1	fstrack.7search.com127.0.0.1	www.fstrack.7search.com127.0.0.1	ftp.clicktracking.info127.0.0.1	www.ftp.clicktracking.info127.0.0.1	gator29.gator.com127.0.0.1	www.gator29.gator.com127.0.0.1	gatorcme.gator.com127.0.0.1	www.gatorcme.gator.com127.0.0.1	gbs.gator.com127.0.0.1	www.gbs.gator.com127.0.0.1	getweathercast.com127.0.0.1	www.getweathercast.com127.0.0.1	gi.gator.com127.0.0.1	www.gi.gator.com127.0.0.1	globaltoolbar.com127.0.0.1	www.globaltoolbar.com127.0.0.1	globalwebsearch.com127.0.0.1	www.globalwebsearch.com127.0.0.1	grandstreetinteractive.com127.0.0.1	www.grandstreetinteractive.com127.0.0.1	gs.gator.com127.0.0.1	www.gs.gator.com127.0.0.1	gt.gator.com127.0.0.1	www.gt.gator.com127.0.0.1	help.mysearch.com127.0.0.1	www.help.mysearch.com127.0.0.1	hits.411web.com127.0.0.1	www.hits.411web.com127.0.0.1	home.iwon.com127.0.0.1	www.home.iwon.com127.0.0.1	hotbar.com127.0.0.1	www.hotbar.com127.0.0.1	i-lookup.com127.0.0.1	www.i-lookup.com127.0.0.1	i1img.com127.0.0.1	www.i1img.com127.0.0.1	iads.adroar.com127.0.0.1	www.iads.adroar.com127.0.0.1	ieplugin.com127.0.0.1	www.ieplugin.com127.0.0.1	igetnet.com127.0.0.1	www.igetnet.com127.0.0.1	image.i1img.com127.0.0.1	www.image.i1img.com127.0.0.1	image.imgfarm.com127.0.0.1	www.image.imgfarm.com127.0.0.1	images.bonzi.com127.0.0.1	www.images.bonzi.com127.0.0.1	images.gator.com127.0.0.1	www.images.gator.com127.0.0.1	img.3721.com127.0.0.1	www.img.3721.com127.0.0.1	img.7meta.com127.0.0.1	www.img.7meta.com127.0.0.1	img.bannersxchange.com127.0.0.1	www.img.bannersxchange.com127.0.0.1	img.lop.com127.0.0.1	www.img.lop.com127.0.0.1	imgfarm.com127.0.0.1	www.imgfarm.com127.0.0.1	impression.7search.com127.0.0.1	www.impression.7search.com127.0.0.1	install.browsertoolbar.com127.0.0.1	www.install.browsertoolbar.com127.0.0.1	installdollars.com127.0.0.1	www.installdollars.com127.0.0.1	installs.hotbar.com127.0.0.1	www.installs.hotbar.com127.0.0.1	internal.vx2.cc127.0.0.1	www.internal.vx2.cc127.0.0.1	internet-optimizer.com127.0.0.1	www.internet-optimizer.com127.0.0.1	ipend.datastorm.biz127.0.0.1	www.ipend.datastorm.biz127.0.0.1	ipinsight.com127.0.0.1	www.ipinsight.com127.0.0.1	iron.whenu.com127.0.0.1	www.iron.whenu.com127.0.0.1	javatar.cjt1.net127.0.0.1	www.javatar.cjt1.net127.0.0.1	jbns2.cydoor.com127.0.0.1	www.jbns2.cydoor.com127.0.0.1	jcde-nms4.joltid.net127.0.0.1	www.jcde-nms4.joltid.net127.0.0.1	jcde-nms5.joltid.net127.0.0.1	www.jcde-nms5.joltid.net127.0.0.1	jcde-nms6.joltid.net127.0.0.1	www.jcde-nms6.joltid.net127.0.0.1	jcms.cydoor.com127.0.0.1	www.jcms.cydoor.com127.0.0.1	jcontent.bns1.net127.0.0.1	www.jcontent.bns1.net127.0.0.1	jdownloadacc.cjt1.net127.0.0.1	www.jdownloadacc.cjt1.net127.0.0.1	jedonkey.cjt1.net127.0.0.1	www.jedonkey.cjt1.net127.0.0.1	jicq.cjt1.net127.0.0.1	www.jicq.cjt1.net127.0.0.1	jmindset.cjt1.net127.0.0.1	www.jmindset.cjt1.net127.0.0.1	jpedownload.joltid.com127.0.0.1	www.jpedownload.joltid.com127.0.0.1	jpiolet.cjt1.net127.0.0.1	www.jpiolet.cjt1.net127.0.0.1	jwildmedia.cjt1.net127.0.0.1	www.jwildmedia.cjt1.net127.0.0.1	k17177.bins.lop.com127.0.0.1	www.k17177.bins.lop.com127.0.0.1	kazanon.com127.0.0.1	www.kazanon.com127.0.0.1	lead.whenu.com127.0.0.1	www.lead.whenu.com127.0.0.1	license.hotbar.com127.0.0.1	www.license.hotbar.com127.0.0.1	lists.adroar.com127.0.0.1	www.lists.adroar.com127.0.0.1	look-today.com127.0.0.1	www.look-today.com127.0.0.1	look2me.com127.0.0.1	www.look2me.com127.0.0.1	lop.com127.0.0.1	www.lop.com127.0.0.1	magic.3721.com127.0.0.1	www.magic.3721.com127.0.0.1	mail.vx2.cc127.0.0.1	www.mail.vx2.cc127.0.0.1	map.gator.com127.0.0.1	www.map.gator.com127.0.0.1	mark.3721.com127.0.0.1	www.mark.3721.com127.0.0.1	master.mx-targeting.com127.0.0.1	www.master.mx-targeting.com127.0.0.1	maxexp.com127.0.0.1	www.maxexp.com127.0.0.1	media.altnet.com127.0.0.1	www.media.altnet.com127.0.0.1	mediabuy-nic.cjt1.net127.0.0.1	www.mediabuy-nic.cjt1.net127.0.0.1	memorymeter.com127.0.0.1	www.memorymeter.com127.0.0.1	mercury.whenu.com127.0.0.1	www.mercury.whenu.com127.0.0.1	messagebroadcaster.net127.0.0.1	www.messagebroadcaster.net127.0.0.1	meta.3721.com127.0.0.1	www.meta.3721.com127.0.0.1	mindseti.com127.0.0.1	www.mindseti.com127.0.0.1	movies-etc.com127.0.0.1	www.movies-etc.com127.0.0.1	msearch.3721.com127.0.0.1	www.msearch.3721.com127.0.0.1	msview.cc127.0.0.1	www.msview.cc127.0.0.1	mt1.climaxbucks.com127.0.0.1	www.mt1.climaxbucks.com127.0.0.1	mt23.climaxbucks.com127.0.0.1	www.mt23.climaxbucks.com127.0.0.1	my.iwon.com127.0.0.1	www.my.iwon.com127.0.0.1	mypanicbutton.com127.0.0.1	www.mypanicbutton.com127.0.0.1	mysearchnow.com127.0.0.1	www.mysearchnow.com127.0.0.1	mywebsearch.com127.0.0.1	www.mywebsearch.com127.0.0.1	netpalnow.com127.0.0.1	www.netpalnow.com127.0.0.1	netpaloffers.net127.0.0.1	www.netpaloffers.net127.0.0.1	netsearchsoft.com127.0.0.1	www.netsearchsoft.com127.0.0.1	new.net127.0.0.1	www.new.net127.0.0.1	nictechnetworks.com127.0.0.1	www.nictechnetworks.com127.0.0.1	nopop.net127.0.0.1	www.nopop.net127.0.0.1	ns1.exportusa.com127.0.0.1	www.ns1.exportusa.com127.0.0.1	ns1.vx2.cc127.0.0.1	www.ns1.vx2.cc127.0.0.1	ns2.vx2.cc127.0.0.1	www.ns2.vx2.cc127.0.0.1	odysseusmarketing.com127.0.0.1	www.odysseusmarketing.com127.0.0.1	offeroptimizer.com127.0.0.1	www.offeroptimizer.com127.0.0.1	omegasearch.com127.0.0.1	www.omegasearch.com127.0.0.1	omi-update.net127.0.0.1	www.omi-update.net127.0.0.1	orbitexplorer.com127.0.0.1	www.orbitexplorer.com127.0.0.1	partners.hotbar.com127.0.0.1	www.partners.hotbar.com127.0.0.1	paypertext.com127.0.0.1	www.paypertext.com127.0.0.1	pchi-vtrk.virtumundo.com127.0.0.1	www.pchi-vtrk.virtumundo.com127.0.0.1	plugusin4cash.com127.0.0.1	www.plugusin4cash.com127.0.0.1	plus.iwon.com127.0.0.1	www.plus.iwon.com127.0.0.1	pm.altnet.com127.0.0.1	www.pm.altnet.com127.0.0.1	predictivesearch.com127.0.0.1	www.predictivesearch.com127.0.0.1	pricebandit.com127.0.0.1	www.pricebandit.com127.0.0.1	privacy.virtumundo.com127.0.0.1	www.privacy.virtumundo.com127.0.0.1	prizemachine.games.iwon.com127.0.0.1	www.prizemachine.games.iwon.com127.0.0.1	promos.hotbar.com127.0.0.1	www.promos.hotbar.com127.0.0.1	prosearching.com127.0.0.1	www.prosearching.com127.0.0.1	puv.hotbar.com127.0.0.1	www.puv.hotbar.com127.0.0.1	query.i-lookup.com127.0.0.1	www.query.i-lookup.com127.0.0.1	regserver.gator.com127.0.0.1	www.regserver.gator.com127.0.0.1	reports.hotbar.com127.0.0.1	www.reports.hotbar.com127.0.0.1	reports.offeroptimizer.com127.0.0.1	www.reports.offeroptimizer.com127.0.0.1	results.dashbar.com127.0.0.1	www.results.dashbar.com127.0.0.1	results.searchscout.com127.0.0.1	www.results.searchscout.com127.0.0.1	resultsmaster.com127.0.0.1	www.resultsmaster.com127.0.0.1	rs.gator.com127.0.0.1	www.rs.gator.com127.0.0.1	rspsearch.com127.0.0.1	www.rspsearch.com127.0.0.1	s.abetterinternet.com127.0.0.1	www.s.abetterinternet.com127.0.0.1	savenow-pop-ads.com127.0.0.1	www.savenow-pop-ads.com127.0.0.1	savenow-popup-ads.com127.0.0.1	www.savenow-popup-ads.com127.0.0.1	sbox.3721.com127.0.0.1	www.sbox.3721.com127.0.0.1	sbvr.com127.0.0.1	www.sbvr.com127.0.0.1	scriptserver.gator.com127.0.0.1	www.scriptserver.gator.com127.0.0.1	search.active-max.com127.0.0.1	www.search.active-max.com127.0.0.1	search.gator.com127.0.0.1	www.search.gator.com127.0.0.1	search.ieplugin.com127.0.0.1	www.search.ieplugin.com127.0.0.1	search.iwon.com127.0.0.1	www.search.iwon.com127.0.0.1	search.mysearchnow.com127.0.0.1	www.search.mysearchnow.com127.0.0.1	search.xrenoder.com127.0.0.1	www.search.xrenoder.com127.0.0.1	search2.i-lookup.com127.0.0.1	www.search2.i-lookup.com127.0.0.1	search200.com127.0.0.1	www.search200.com127.0.0.1	searchassistant.iwon.com127.0.0.1	www.searchassistant.iwon.com127.0.0.1	searchassistant.net127.0.0.1	www.searchassistant.net127.0.0.1	searchbus.com127.0.0.1	www.searchbus.com127.0.0.1	searchdisp.hotbar.com127.0.0.1	www.searchdisp.hotbar.com127.0.0.1	searchexe.com127.0.0.1	www.searchexe.com127.0.0.1	searchweb2.com127.0.0.1	www.searchweb2.com127.0.0.1	sentrymon.ipinsight.net127.0.0.1	www.sentrymon.ipinsight.net127.0.0.1	server.ipinsight.net127.0.0.1	www.server.ipinsight.net127.0.0.1	shanghai.3721.com127.0.0.1	www.shanghai.3721.com127.0.0.1	similarsingles.com127.0.0.1	www.similarsingles.com127.0.0.1	sina.3721.com127.0.0.1	www.sina.3721.com127.0.0.1	skins.hotbar.com127.0.0.1	www.skins.hotbar.com127.0.0.1	soap.alexa.com127.0.0.1	www.soap.alexa.com127.0.0.1	spapp.whenu.com127.0.0.1	www.spapp.whenu.com127.0.0.1	spawnet.com127.0.0.1	www.spawnet.com127.0.0.1	speedbar.myway.com127.0.0.1	www.speedbar.myway.com127.0.0.1	sputnik.vx2.cc127.0.0.1	www.sputnik.vx2.cc127.0.0.1	spweather.whenu.com127.0.0.1	www.spweather.whenu.com127.0.0.1	spweb.whenu.com127.0.0.1	www.spweb.whenu.com127.0.0.1	spywarehelp.net127.0.0.1	www.spywarehelp.net127.0.0.1	sqwire.com127.0.0.1	www.sqwire.com127.0.0.1	sqwire.i-lookup.com127.0.0.1	www.sqwire.i-lookup.com127.0.0.1	srch.lop.com127.0.0.1	www.srch.lop.com127.0.0.1	ss.gator.com127.0.0.1	www.ss.gator.com127.0.0.1	ssbackup.gator.com127.0.0.1	www.ssbackup.gator.com127.0.0.1	st.brilliantdigital.com127.0.0.1	www.st.brilliantdigital.com127.0.0.1	static.411web.com127.0.0.1	www.static.411web.com127.0.0.1	stop-popup-ads-now.com127.0.0.1	www.stop-popup-ads-now.com127.0.0.1	stubmon.ipinsight.net127.0.0.1	www.stubmon.ipinsight.net127.0.0.1	sue.lop.com127.0.0.1	www.sue.lop.com127.0.0.1	superwebsearch.com127.0.0.1	www.superwebsearch.com127.0.0.1	sysupdate.grandstreetinteractive.com127.0.0.1	www.sysupdate.grandstreetinteractive.com127.0.0.1	sysupdate.ieplugin.com127.0.0.1	www.sysupdate.ieplugin.com127.0.0.1	tdko.com127.0.0.1	www.tdko.com127.0.0.1	tdmy.com127.0.0.1	www.tdmy.com127.0.0.1	tefs.com127.0.0.1	www.tefs.com127.0.0.1	tfil.com127.0.0.1	www.tfil.com127.0.0.1	thinkingmedia.net127.0.0.1	www.thinkingmedia.net127.0.0.1	thinstall.abetterinternet.com127.0.0.1	www.thinstall.abetterinternet.com127.0.0.1	tin.whenu.com127.0.0.1	www.tin.whenu.com127.0.0.1	titanium.whenu.com127.0.0.1	www.titanium.whenu.com127.0.0.1	toolbar.i-lookup.com127.0.0.1	www.toolbar.i-lookup.com127.0.0.1	toolbar2.i-lookup.com127.0.0.1	www.toolbar2.i-lookup.com127.0.0.1	tooltips.hotbar.com127.0.0.1	www.tooltips.hotbar.com127.0.0.1	topicks.com127.0.0.1	www.topicks.com127.0.0.1	totalvelocity.com127.0.0.1	www.totalvelocity.com127.0.0.1	tpcms.topicks.com127.0.0.1	www.tpcms.topicks.com127.0.0.1	tpdownload.topicks.com127.0.0.1	www.tpdownload.topicks.com127.0.0.1	tpreport.topicks.com127.0.0.1	www.tpreport.topicks.com127.0.0.1	track.dlsearchbar.com127.0.0.1	www.track.dlsearchbar.com127.0.0.1	track.simpletraffic.com127.0.0.1	www.track.simpletraffic.com127.0.0.1	tracking.roispy.com127.0.0.1	www.tracking.roispy.com127.0.0.1	tracking.spiderbait.com127.0.0.1	www.tracking.spiderbait.com127.0.0.1	tracking.thunderdownloads.com127.0.0.1	www.tracking.thunderdownloads.com127.0.0.1	traffichog.com127.0.0.1	www.traffichog.com127.0.0.1	transctl-dev.vx2.cc127.0.0.1	www.transctl-dev.vx2.cc127.0.0.1	transctl.vx2.cc127.0.0.1	www.transctl.vx2.cc127.0.0.1	trickle.gator.com127.0.0.1	www.trickle.gator.com127.0.0.1	ts.altnet.com127.0.0.1	www.ts.altnet.com127.0.0.1	ts.gator.com127.0.0.1	www.ts.gator.com127.0.0.1	tss.altnet.com127.0.0.1	www.tss.altnet.com127.0.0.1	tv.180solutions.com127.0.0.1	www.tv.180solutions.com127.0.0.1	update.speedbit.com127.0.0.1	www.update.speedbit.com127.0.0.1	update.stop-popup-ads-now.com127.0.0.1	www.update.stop-popup-ads-now.com127.0.0.1	update.thunderdownloads.com127.0.0.1	www.update.thunderdownloads.com127.0.0.1	updates.desktop.ak-networks.com127.0.0.1	www.updates.desktop.ak-networks.com127.0.0.1	updates.desktop.virtumundo.com127.0.0.1	www.updates.desktop.virtumundo.com127.0.0.1	updates.hotbar.com127.0.0.1	www.updates.hotbar.com127.0.0.1	updateserver.gator.com127.0.0.1	www.updateserver.gator.com127.0.0.1	upgrades.hotbar.com127.0.0.1	www.upgrades.hotbar.com127.0.0.1	user.3721.com127.0.0.1	www.user.3721.com127.0.0.1	view.atdmt.com127.0.0.1	www.view.atdmt.com127.0.0.1	vip-farm1.hotbar.com127.0.0.1	www.vip-farm1.hotbar.com127.0.0.1	vip-farm1v.hotbar.com127.0.0.1	www.vip-farm1v.hotbar.com127.0.0.1	vip-farm2.hotbar.com127.0.0.1	www.vip-farm2.hotbar.com127.0.0.1	vip-farm2v.hotbar.com127.0.0.1	www.vip-farm2v.hotbar.com127.0.0.1	vip-farm31v.hotbar.com127.0.0.1	www.vip-farm31v.hotbar.com127.0.0.1	vip-farm5v.hotbar.com127.0.0.1	www.vip-farm5v.hotbar.com127.0.0.1	virtumundo.com127.0.0.1	www.virtumundo.com127.0.0.1	vlogic.ak-networks.com127.0.0.1	www.vlogic.ak-networks.com127.0.0.1	vmadmin.com127.0.0.1	www.vmadmin.com127.0.0.1	vrape.hardloved.com127.0.0.1	www.vrape.hardloved.com127.0.0.1	vtrack.virtumundo.com127.0.0.1	www.vtrack.virtumundo.com127.0.0.1	wap.3721.com127.0.0.1	www.wap.3721.com127.0.0.1	wb.gator.com127.0.0.1	www.wb.gator.com127.0.0.1	weather.gator.com127.0.0.1	www.weather.gator.com127.0.0.1	weather.whenu.com127.0.0.1	www.weather.whenu.com127.0.0.1	weather.whenu.speedera.net127.0.0.1	www.weather.whenu.speedera.net127.0.0.1	web.balance.gator.com127.0.0.1	www.web.balance.gator.com127.0.0.1	web.whenu.com127.0.0.1	www.web.whenu.com127.0.0.1	web.whenu.speedera.net127.0.0.1	www.web.whenu.speedera.net127.0.0.1	webpdp.gator.com127.0.0.1	www.webpdp.gator.com127.0.0.1	wfix.com127.0.0.1	www.wfix.com127.0.0.1	whenu-advertising-info.com127.0.0.1	www.whenu-advertising-info.com127.0.0.1	whenu-advertising.com127.0.0.1	www.whenu-advertising.com127.0.0.1	whenu-popup-ads.com127.0.0.1	www.whenu-popup-ads.com127.0.0.1	whenu.com127.0.0.1	www.whenu.com127.0.0.1	whenusearch.com127.0.0.1	www.whenusearch.com127.0.0.1	whenushop-advertising-central.com127.0.0.1	www.whenushop-advertising-central.com127.0.0.1	whenushop-pop-ads.com127.0.0.1	www.whenushop-pop-ads.com127.0.0.1	whenushop-space.com127.0.0.1	www.whenushop-space.com127.0.0.1	whenushop.whenu.com127.0.0.1	www.whenushop.whenu.com127.0.0.1	ww2.ieplugin.com127.0.0.1	www.ww2.ieplugin.com127.0.0.1	ww3.ieplugin.com127.0.0.1	www.ww3.ieplugin.com127.0.0.1	wwa.ieplugin.com127.0.0.1	www.wwa.ieplugin.com127.0.0.1	wwd.ieplugin.com127.0.0.1	www.wwd.ieplugin.com127.0.0.1	www.2004cms.com127.0.0.1	2004cms.com127.0.0.1	www.3721.com127.0.0.1	3721.com127.0.0.1	www.680180.net127.0.0.1	680180.net127.0.0.1	www.7metasearch.com127.0.0.1	7metasearch.com127.0.0.1	www.7search.com127.0.0.1	7search.com127.0.0.1	www.aadcom.com127.0.0.1	aadcom.com127.0.0.1	www.abetterinternet.com127.0.0.1	abetterinternet.com127.0.0.1	www.active-alert-server.com127.0.0.1	active-alert-server.com127.0.0.1	www.active-max.com127.0.0.1	active-max.com127.0.0.1	www.acustat.com127.0.0.1	acustat.com127.0.0.1	www.addictivetechnologies.net127.0.0.1	addictivetechnologies.net127.0.0.1	www.adroar.com127.0.0.1	adroar.com127.0.0.1	www.adtactics.com127.0.0.1	adtactics.com127.0.0.1	www.adtomi.com127.0.0.1	adtomi.com127.0.0.1	www.aimdolls.com127.0.0.1	aimdolls.com127.0.0.1	www.aimphuck.com127.0.0.1	aimphuck.com127.0.0.1	www.alexa.com127.0.0.1	alexa.com127.0.0.1	www.allaboutsearching.com127.0.0.1	allaboutsearching.com127.0.0.1	www.allhyperlinks.com127.0.0.1	allhyperlinks.com127.0.0.1	www.almightysearch.com127.0.0.1	almightysearch.com127.0.0.1	www.altnet.com127.0.0.1	altnet.com127.0.0.1	www.altnetp2p.com127.0.0.1	altnetp2p.com127.0.0.1	www.amazingautossearch.com127.0.0.1	amazingautossearch.com127.0.0.1	www.amnv.net127.0.0.1	amnv.net127.0.0.1	www.at-games.com127.0.0.1	at-games.com127.0.0.1	www.avenuemedia.com127.0.0.1	avenuemedia.com127.0.0.1	www.b3d.com127.0.0.1	b3d.com127.0.0.1	www.bc777.com127.0.0.1	bc777.com127.0.0.1	www.bluehavenmedia.com127.0.0.1	bluehavenmedia.com127.0.0.1	www.bns1.net127.0.0.1	bns1.net127.0.0.1	www.bns2.net127.0.0.1	bns2.net127.0.0.1	www.bonzi.com127.0.0.1	bonzi.com127.0.0.1	www.bonzibuddy.com127.0.0.1	bonzibuddy.com127.0.0.1	www.brilliantdigital.com127.0.0.1	brilliantdigital.com127.0.0.1	www.browsertoolbar.com127.0.0.1	browsertoolbar.com127.0.0.1	www.browserwise.com127.0.0.1	browserwise.com127.0.0.1	www.bulletproofsoft.com127.0.0.1	bulletproofsoft.com127.0.0.1	www.bundleware.com127.0.0.1	bundleware.com127.0.0.1	www.centralmedia.ws127.0.0.1	centralmedia.ws127.0.0.1	www.cleangetaway.biz127.0.0.1	cleangetaway.biz127.0.0.1	www.click2findnow.com127.0.0.1	click2findnow.com127.0.0.1	www.clickalchemy.com127.0.0.1	clickalchemy.com127.0.0.1	www.clicktracking.info127.0.0.1	clicktracking.info127.0.0.1	www.climaxbucks.com127.0.0.1	climaxbucks.com127.0.0.1	www.clock-sync.com127.0.0.1	clock-sync.com127.0.0.1	www.cms1.net127.0.0.1	cms1.net127.0.0.1	www.cms2.net127.0.0.1	cms2.net127.0.0.1	www.cocktailcash.com127.0.0.1	cocktailcash.com127.0.0.1	www.contexualsearch.com127.0.0.1	contexualsearch.com127.0.0.1	www.crap2.com127.0.0.1	crap2.com127.0.0.1	www.cydoor.com127.0.0.1	cydoor.com127.0.0.1	www.dashbar.com127.0.0.1	dashbar.com127.0.0.1	www.datastorm.biz127.0.0.1	datastorm.biz127.0.0.1	www.date-manager.com127.0.0.1	date-manager.com127.0.0.1	www.dialup2.com127.0.0.1	dialup2.com127.0.0.1	www.domain.i-lookup.com127.0.0.1	domain.i-lookup.com127.0.0.1	www.ebates.com127.0.0.1	ebates.com127.0.0.1	www.ecpm.com127.0.0.1	ecpm.com127.0.0.1	www.ez-searching.com127.0.0.1	ez-searching.com127.0.0.1	www.find-quick.com127.0.0.1	find-quick.com127.0.0.1	www.findology.com127.0.0.1	findology.com127.0.0.1	www.funwebproducts.com127.0.0.1	funwebproducts.com127.0.0.1	www.gator.com127.0.0.1	gator.com127.0.0.1	www.gatoradvertisinginformationnetwork.com127.0.0.1	gatoradvertisinginformationnetwork.com127.0.0.1	www.gatorcorporation.com127.0.0.1	gatorcorporation.com127.0.0.1	www.getweathercast.com127.0.0.1	getweathercast.com127.0.0.1	www.gigatechsoftware.com127.0.0.1	gigatechsoftware.com127.0.0.1	www.gonnasearch.com127.0.0.1	gonnasearch.com127.0.0.1	www.grandstreetinteractive.com127.0.0.1	grandstreetinteractive.com127.0.0.1	www.greasycow.com127.0.0.1	greasycow.com127.0.0.1	www.hotbar.com127.0.0.1	hotbar.com127.0.0.1	www.i-lookup.com127.0.0.1	i-lookup.com127.0.0.1	www.ieplugin.com127.0.0.1	ieplugin.com127.0.0.1	www.igetnet.com127.0.0.1	igetnet.com127.0.0.1	www.ignkeywords.com127.0.0.1	ignkeywords.com127.0.0.1	www.ignphrases.com127.0.0.1	ignphrases.com127.0.0.1	www.imbum.com127.0.0.1	imbum.com127.0.0.1	www.internet-optimizer.com127.0.0.1	internet-optimizer.com127.0.0.1	www.ipinsight.com127.0.0.1	ipinsight.com127.0.0.1	www.ipinsight.net127.0.0.1	ipinsight.net127.0.0.1	www.iwon.com127.0.0.1	iwon.com127.0.0.1	www.kazanon.com127.0.0.1	kazanon.com127.0.0.1	www.linkstoyou.com127.0.0.1	linkstoyou.com127.0.0.1	www.look-today.com127.0.0.1	look-today.com127.0.0.1	www.look2me.com127.0.0.1	look2me.com127.0.0.1	www.look2me1.com127.0.0.1	look2me1.com127.0.0.1	www.look2me2.com127.0.0.1	look2me2.com127.0.0.1	www.look2me4.com127.0.0.1	look2me4.com127.0.0.1	www.lop.com127.0.0.1	lop.com127.0.0.1	www.lop2.com127.0.0.1	lop2.com127.0.0.1	www.lovetraffic.com127.0.0.1	lovetraffic.com127.0.0.1	www.lunasearch.com127.0.0.1	lunasearch.com127.0.0.1	www.memorymeter.com127.0.0.1	memorymeter.com127.0.0.1	www.messagebroadcaster.net127.0.0.1	messagebroadcaster.net127.0.0.1	www.mindseti.com127.0.0.1	mindseti.com127.0.0.1	www.mindsetinteractive.com127.0.0.1	mindsetinteractive.com127.0.0.1	www.movies-etc.com127.0.0.1	movies-etc.com127.0.0.1	www.mp3search.com127.0.0.1	mp3search.com127.0.0.1	www.msview.cc127.0.0.1	msview.cc127.0.0.1	www.mx-targeting.com127.0.0.1	mx-targeting.com127.0.0.1	www.mypanicbutton.com127.0.0.1	mypanicbutton.com127.0.0.1	www.mypctuneup.com127.0.0.1	mypctuneup.com127.0.0.1	www.mysearch.com127.0.0.1	mysearch.com127.0.0.1	www.mysearchnow.com127.0.0.1	mysearchnow.com127.0.0.1	www.mywebsearch.com127.0.0.1	mywebsearch.com127.0.0.1	www.netpalnow.com127.0.0.1	netpalnow.com127.0.0.1	www.netpaloffers.net127.0.0.1	netpaloffers.net127.0.0.1	www.netsearchsoft.com127.0.0.1	netsearchsoft.com127.0.0.1	www.newtonknows.com127.0.0.1	newtonknows.com127.0.0.1	www.nictechnetworks.com127.0.0.1	nictechnetworks.com127.0.0.1	www.no-pops.com127.0.0.1	no-pops.com127.0.0.1	www.nopop.net127.0.0.1	nopop.net127.0.0.1	www.nuker.com127.0.0.1	nuker.com127.0.0.1	www.odysseusmarketing.com127.0.0.1	odysseusmarketing.com127.0.0.1	www.offercompanion.com127.0.0.1	offercompanion.com127.0.0.1	www.offeroptimizer.com127.0.0.1	offeroptimizer.com127.0.0.1	www.omegasearch.com127.0.0.1	omegasearch.com127.0.0.1	www.omi-update.net127.0.0.1	omi-update.net127.0.0.1	www.pay-per-search.com127.0.0.1	pay-per-search.com127.0.0.1	www.payperranking.com127.0.0.1	payperranking.com127.0.0.1	www.plugusin4cash.com127.0.0.1	plugusin4cash.com127.0.0.1	www.precision-time.com127.0.0.1	precision-time.com127.0.0.1	www.pricebandit.com127.0.0.1	pricebandit.com127.0.0.1	www.prosearching.com127.0.0.1	prosearching.com127.0.0.1	www.qcksearch.com127.0.0.1	qcksearch.com127.0.0.1	www.resultsmaster.com127.0.0.1	resultsmaster.com127.0.0.1	www.rgs1.net127.0.0.1	rgs1.net127.0.0.1	www.rgs2.net127.0.0.1	rgs2.net127.0.0.1	www.roispy.com127.0.0.1	roispy.com127.0.0.1	www.rspsearch.com127.0.0.1	rspsearch.com127.0.0.1	www.rub.to127.0.0.1	rub.to127.0.0.1	www.sbvr.com127.0.0.1	sbvr.com127.0.0.1	www.search200.com127.0.0.1	search200.com127.0.0.1	www.searchassistant.net127.0.0.1	searchassistant.net127.0.0.1	www.searchexe.com127.0.0.1	searchexe.com127.0.0.1	www.searchscout.com127.0.0.1	searchscout.com127.0.0.1	www.searchweb2.com127.0.0.1	searchweb2.com127.0.0.1	www.similarsingles.com127.0.0.1	similarsingles.com127.0.0.1	www.spawnet.com127.0.0.1	spawnet.com127.0.0.1	www.spiderbait.com127.0.0.1	spiderbait.com127.0.0.1	www.spywarehelp.net127.0.0.1	spywarehelp.net127.0.0.1	www.spywarenuker.com127.0.0.1	spywarenuker.com127.0.0.1	www.srv2cpt.com127.0.0.1	srv2cpt.com127.0.0.1	www.stop-popup-ads-now.com127.0.0.1	stop-popup-ads-now.com127.0.0.1	www.tdko.com127.0.0.1	tdko.com127.0.0.1	www.tfil.com127.0.0.1	tfil.com127.0.0.1	www.tgcsearch.com127.0.0.1	tgcsearch.com127.0.0.1	www.thinkingmedia.net127.0.0.1	thinkingmedia.net127.0.0.1	www.topicks.com127.0.0.1	topicks.com127.0.0.1	www.totalvelocity.com127.0.0.1	totalvelocity.com127.0.0.1	www.tps108.org127.0.0.1	tps108.org127.0.0.1	www.trekblue.com127.0.0.1	trekblue.com127.0.0.1	www.twain-tech.com127.0.0.1	twain-tech.com127.0.0.1	www.unitedvending.net127.0.0.1	unitedvending.net127.0.0.1	www.virtumundo.com127.0.0.1	virtumundo.com127.0.0.1	www.vx2.cc127.0.0.1	vx2.cc127.0.0.1	www.weatherscope.com127.0.0.1	weatherscope.com127.0.0.1	www.websecurealert.com127.0.0.1	websecurealert.com127.0.0.1	www.whenu.com127.0.0.1	whenu.com127.0.0.1	www.whenu.com.edgesuite.net127.0.0.1	whenu.com.edgesuite.net127.0.0.1	www.whenusearch.com127.0.0.1	whenusearch.com127.0.0.1	www.whenushop.com127.0.0.1	whenushop.com127.0.0.1	www.world-portal.com127.0.0.1	world-portal.com127.0.0.1	www.yoogee.com127.0.0.1	yoogee.com127.0.0.1	www.zestyfind.com127.0.0.1	zestyfind.com127.0.0.1	www.zsearchtoolbar.com127.0.0.1	zsearchtoolbar.com127.0.0.1	www1.iwon.com127.0.0.1	www.www1.iwon.com127.0.0.1	www1.lop.com127.0.0.1	www.www1.lop.com127.0.0.1	www2.browsertoolbar.com127.0.0.1	www.www2.browsertoolbar.com127.0.0.1	www2.i-lookup.com127.0.0.1	www.www2.i-lookup.com127.0.0.1	xads.offeroptimizer.com127.0.0.1	www.xads.offeroptimizer.com127.0.0.1	xadso.offeroptimizer.com127.0.0.1	www.xadso.offeroptimizer.com127.0.0.1	xadsq.offeroptimizer.com127.0.0.1	www.xadsq.offeroptimizer.com127.0.0.1	xadx.offeroptimizer.com127.0.0.1	www.xadx.offeroptimizer.com127.0.0.1	xbs.climaxbucks.com127.0.0.1	www.xbs.climaxbucks.com127.0.0.1	xbs.cocktailcash.com127.0.0.1	www.xbs.cocktailcash.com127.0.0.1	ximages.offeroptimizer.com127.0.0.1	www.ximages.offeroptimizer.com127.0.0.1	xjupiter.com127.0.0.1	www.xjupiter.com127.0.0.1	xlime.offeroptimizer.com127.0.0.1	www.xlime.offeroptimizer.com127.0.0.1	xml.411web.com127.0.0.1	www.xml.411web.com127.0.0.1	xmlsearch.balance.gator.com127.0.0.1	www.xmlsearch.balance.gator.com127.0.0.1	xmlsearch.gator.com127.0.0.1	www.xmlsearch.gator.com127.0.0.1	yahoo.3721.com127.0.0.1	www.yahoo.3721.com127.0.0.1	yoogee.com127.0.0.1	www.yoogee.com127.0.0.1	z1.vx2.cc127.0.0.1	www.z1.vx2.cc127.0.0.1	zestyfind.com127.0.0.1	www.zestyfind.com127.0.0.1	zinc.whenu.com127.0.0.1	www.zinc.whenu.com127.0.0.1	zsearchtoolbar.com127.0.0.1	www.zsearchtoolbar.comProcessus Actifs:-----------------[System Process]Processus ID: 0Parent PID: 0SystemProcessus ID: 4Parent PID: 0smss.exeProcessus ID: 564Parent PID: 4Chemin: C:\WINDOWS\system32\smss.exeTaille: 50688 OctetsMD5: 70A9BCEA4D3B3B4773F9A871F5FEEF57Description: Gestionnaire de session Windows NTVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. Tous droits réservés.Organisation: Microsoft Corporationcsrss.exeProcessus ID: 684Parent PID: 564Chemin: C:\WINDOWS\system32\csrss.exeTaille: 6144 OctetsMD5: 6EDCA12F58A4513637AF2DEBB1629BC8Description: Client Server Runtime ProcessVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationwinlogon.exeProcessus ID: 720Parent PID: 564Chemin: C:\WINDOWS\system32\winlogon.exeTaille: 506368 OctetsMD5: 123EEA158F74D0F67A51DCDF065D1091Description: Application d'ouverture de session Windows NTVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. Tous droits réservés.Organisation: Microsoft Corporationservices.exeProcessus ID: 884Parent PID: 720Chemin: C:\WINDOWS\system32\services.exeTaille: 108544 OctetsMD5: 63DCDE1A0D86EEB8924D6738FF616EADDescription: Applications Services et ContrôleurVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. Tous droits réservés.Organisation: Microsoft Corporationlsass.exeProcessus ID: 896Parent PID: 720Chemin: C:\WINDOWS\system32\lsass.exeTaille: 13312 OctetsMD5: 259AF82A0932EEA4F316F92DB94707B6Description: LSA Shell (Export Version)Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationati2evxx.exeProcessus ID: 1052Parent PID: 884Chemin: C:\WINDOWS\System32\Ati2evxx.exeTaille: 376832 OctetsMD5: 41EDE858AE5C6E0EA1C06049F491E315svchost.exeProcessus ID: 1064Parent PID: 884Chemin: C:\WINDOWS\System32\svchost -k DComLaunchTaille: 14336 OctetsMD5: 2979B03D5382A602623C0535B16AB9C0Description: Generic Host Process for Win32 ServicesVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationsvchost.exeProcessus ID: 1124Parent PID: 884Chemin: C:\WINDOWS\system32\svchost -k rpcssTaille: 14336 OctetsMD5: 2979B03D5382A602623C0535B16AB9C0Description: Generic Host Process for Win32 ServicesVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationsvchost.exeProcessus ID: 1160Parent PID: 884Chemin: C:\WINDOWS\system32\svchost.exe -k netsvcsTaille: 14336 OctetsMD5: 2979B03D5382A602623C0535B16AB9C0Description: Generic Host Process for Win32 ServicesVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationsvchost.exeProcessus ID: 1204Parent PID: 884Chemin: C:\WINDOWS\System32\svchost.exe -k NetworkServiceTaille: 14336 OctetsMD5: 2979B03D5382A602623C0535B16AB9C0Description: Generic Host Process for Win32 ServicesVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationsvchost.exeProcessus ID: 1392Parent PID: 884Chemin: C:\WINDOWS\System32\svchost.exe -k LocalServiceTaille: 14336 OctetsMD5: 2979B03D5382A602623C0535B16AB9C0Description: Generic Host Process for Win32 ServicesVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationspoolsv.exeProcessus ID: 1620Parent PID: 884Chemin: C:\WINDOWS\system32\spoolsv.exeTaille: 57856 OctetsMD5: DA81EC57ACD4CDC3D4C51CF3D409AF9FDescription: Spooler SubSystem AppVersion: 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft CorporationAVGUARD.EXEProcessus ID: 1708Parent PID: 884Chemin: "C:\Program Files\AVPersonal\AVGUARD.EXE"Taille: 238120 OctetsMD5: D3CCC1233719969205EEE7CA5B5DCFB7Description: Antivirus Service for Windows XP/2000/NTVersion: 6.31.00.01Copyright: Copyright © 1998 - 2005 by H+BEDV Datentechnik GmbH. All Rights Reserved.Organisation: H+BEDV Datentechnik GmbHAOLacsd.exeProcessus ID: 1720Parent PID: 884Chemin: C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeTaille: 1135728 OctetsMD5: E13406F701A9B2A7513CD6798A40CECBDescription: AOL Connectivity ServiceVersion: 2.0.20.1.FR.213      Copyright: Copyright © 2003 America Online, Inc.Organisation: America Online, Inc.AVWUPSRV.EXEProcessus ID: 1748Parent PID: 884Chemin: "C:\Program Files\AVPersonal\AVWUPSRV.EXE"Taille: 45096 OctetsMD5: 7D41A8E0F4561DFA82D5AEB37A2FA9B5Description: AntiVir Software Update Service for WindowsVersion: 6.31.00.01Copyright: Copyright © 1998-2005 H+BEDV Datentechnik GmbH. Alle Reche vorbehalten.Organisation: H+BEDV Datentechnik GmbH, Germanysvchost.exeProcessus ID: 1864Parent PID: 884Chemin: C:\WINDOWS\System32\svchost.exe -k imgsvcTaille: 14336 OctetsMD5: 2979B03D5382A602623C0535B16AB9C0Description: Generic Host Process for Win32 ServicesVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationati2evxx.exeProcessus ID: 1928Parent PID: 720Chemin: C:\WINDOWS\system32\ati2evxx.exeTaille: 376832 OctetsMD5: 41EDE858AE5C6E0EA1C06049F491E315wdfmgr.exeProcessus ID: 2024Parent PID: 884Chemin: C:\WINDOWS\System32\wdfmgr.exeTaille: 38912 OctetsMD5: C81B8635DEE0D3EF5F64B3DD643023A5Description: Windows User Mode Driver ManagerVersion: 5.2.3790.1230 built by: DNSRV(bld4act)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationexplorer.exeProcessus ID: 124Parent PID: 1956Chemin: C:\WINDOWS\Explorer.EXETaille: 1036288 OctetsMD5: 2A7BD330924252A2FD80344FC949BB72Description: Explorateur WindowsVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. Tous droits réservés.Organisation: Microsoft Corporationvsmon.exeProcessus ID: 168Parent PID: 884Chemin: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -serviceTaille: 1210112 OctetsMD5: A4A7242F4663775C28EE53F0BAEDE397Description: TrueVector ServiceVersion: 5.5.109.000Copyright: Copyright © 1998-2005, Zone Labs, LLCOrganisation: Zone Labs, LLCwanmpsvc.exeProcessus ID: 376Parent PID: 884Chemin: "C:\WINDOWS\wanmpsvc.exe"Taille: 65536 OctetsMD5: 909F2DC0DA7F57D229A05EE90647B2C3Description: Wan Miniport (ATW) ServiceVersion: 7, 0, 0, 2Copyright: Copyright © 2001 America Online, Inc.Organisation: America Online, Inc.hpsysdrv.exeProcessus ID: 792Parent PID: 124Chemin: C:\windows\system\hpsysdrv.exeTaille: 52736 OctetsMD5: 06A1ECB63DF139EC639E084D4AB3C9D7Description: hpsysdrvVersion: 1, 7, 0, 0Copyright: Copyright © 1998Organisation: Hewlett-Packard CompanyHpqCmon.exeProcessus ID: 824Parent PID: 124Chemin: C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exeTaille: 90112 OctetsMD5: C0DE87745C950F2966394837C3683AE5Description: HpqCmon MFC ApplicationVersion: 2.0.0.133Copyright: Copyright (C) 2001hphmon05.exeProcessus ID: 832Parent PID: 124Chemin: C:\WINDOWS\System32\hphmon05.exeTaille: 483328 OctetsMD5: C39FCB57279D2C4D3235D31E43BE4196Description: HPHmon05Version: 5,0,84Copyright: Copyright (C) 2003Organisation: Hewlett-Packardkbd.exeProcessus ID: 840Parent PID: 124Chemin: C:\HP\KBD\KBD.EXETaille: 61440 OctetsMD5: 4A95F15B706B8FD9EC8715B6401EAB7BDescription: KBD EXEVersion: 1.0.2.0Copyright: Copyright © Hewlett-Packard Company 2000Organisation: Hewlett-Packard Companyatiptaxx.exeProcessus ID: 1244Parent PID: 124Chemin: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeTaille: 335872 OctetsMD5: 313E2F8670C9E508A4F86D14686CF815Description: ATI Desktop Control PanelVersion: 6.14.10.5061Copyright: Copyright (C) 1998-2002 ATI Technologies Inc.Organisation: ATI Technologies, Inc.WkUFind.exeProcessus ID: 1320Parent PID: 124Chemin: C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exeTaille: 50688 OctetsMD5: 25D60F3CD198007541B422CD34E677CEDescription: Détection Microsoft® Works UpdateVersion: 9.00.0603.0Copyright: Copyright © 1987-2003 Microsoft Corporation.Organisation: Microsoft® CorporationAOLDial.exeProcessus ID: 1484Parent PID: 124Chemin: C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exeTaille: 496752 OctetsMD5: C9F2716A1BB17DF55ED01A53833C86E8Description: AOL Connectivity Service DialerVersion: 2.0.20.1.FR.213      Copyright: Copyright © 2003 America Online, Inc.Organisation: America Online, Incdragdiag.exeProcessus ID: 1492Parent PID: 124Chemin: C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exeTaille: 878080 OctetsMD5: 1F272ACBF9E17A0917524773DA8C9140Description: SpeedTouch StatisticsVersion: 300.7.0.2Comments: /Copyright: Copyright© THOMSON  1999-2003Organisation: THOMSONAOLSP Scheduler.exeProcessus ID: 1532Parent PID: 124Chemin: C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exeTaille: 79448 OctetsMD5: 747F55208A1508DB7B91E0E1FE0EF23ADescription: AOLSP SchedulerVersion: 1, 0, 0, 78Copyright: Copyright (C) America Online, Inc. 2004AVGNT.EXEProcessus ID: 1560Parent PID: 124Chemin: C:\Program Files\AVPersonal\AVGNT.EXETaille: 168039 OctetsMD5: 7BD6D6EFCF5547124DBDF49DDE0CF16ADescription: AntiVir Guard/XP Control ProgramVersion: 6.31.00.01Copyright: Copyright © 1998-2005 H+BEDV Datentechnik GmbH. All rights reserved.Organisation: H+BEDV Datentechnik GmbHzlclient.exeProcessus ID: 1656Parent PID: 124Chemin: zlclient.exeTaille:  OctetsMD5: msnappau.exeProcessus ID: 1768Parent PID: 124Chemin: C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exeTaille: 86016 OctetsMD5: E377C992DFBB5837826EA311E436C66DDescription: MSN UpdaterVersion: 01.02.3000.1001Copyright: Copyright © 2004Organisation: Microsoft CorporationPCHButton.exeProcessus ID: 1968Parent PID: 124Chemin: C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exeTaille: 155648 OctetsMD5: 004E6249D5B93FAE00B583AF6AFE98BEVersion: 4.12.0.pchealthclient.pchclient.20030613_172000Copyright: Copyright 1998-2003Organisation: Motive Communications, Inc.ctfmon.exeProcessus ID: 1476Parent PID: 124Chemin: C:\WINDOWS\system32\ctfmon.exeTaille: 15360 OctetsMD5: 64E41E8FEE655B03E3F19DED21BA5118Description: CTF LoaderVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationwmiprvse.exeProcessus ID: 3288Parent PID: 1064Chemin: wmiprvse.exeTaille:  OctetsMD5: Description: WMIVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationalg.exeProcessus ID: 3792Parent PID: 884Chemin: C:\WINDOWS\System32\alg.exeTaille: 44544 OctetsMD5: B43CC0F07752D456038CD0268E4D84E9Description: Application Layer Gateway ServiceVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Copyright: © Microsoft Corporation. All rights reserved.Organisation: Microsoft Corporationwaol.exeProcessus ID: 3120Parent PID: 3212Chemin: C:\Program Files\AOL 9.0a\waol.exeTaille: 259672 OctetsMD5: B3C4896764186E908786D8F11A03E82DDescription: AOLVersion: 9.00.002Copyright: Copyright (C) America Online, Inc. 1999 - 2004Organisation: America Online, Inc.shellmon.exeProcessus ID: 4004Parent PID: 3120Chemin: C:\Program Files\AOL 9.0a\shellmon.exeTaille: 38512 OctetsMD5: 7FBFF8890878A493E1359B8B134AAB38Description: setupdbVersion: 9.00.001Copyright: Copyright (C) America Online, Inc. 1999 - 2004Organisation: America Online, Inc.aoltpspd.exeProcessus ID: 108Parent PID: 3120Chemin: C:\Program Files\Fichiers communs\Aol\aoltpspd.exeTaille: 487518 OctetsMD5: 53761703DE6F29DB93F1176A2082453DDescription: AOL TopSpeed(TM)Version: 1, 1, 1, 0Copyright: Copyright © America Online 2003Organisation: America Online IncWINWORD.EXEProcessus ID: 2456Parent PID: 124Chemin: C:\Program Files\Microsoft Office\Office10\WINWORD.EXETaille: 10586440 OctetsMD5: 3C6D8B1D5DB146DDB0F651E247AAE2D2Description: Microsoft WordVersion: 10.0.4030Copyright: Copyright© Microsoft Corporation 1983-2001.  All rights reserved.Organisation: Microsoft CorporationTaskBot.exeProcessus ID: 2268Parent PID: 3120Chemin: C:\Documents and Settings\Propriétaire\Mes documents\Mes Projets\protection\TaskBot.exeTaille: 747520 OctetsMD5: EA5768F626BEB7F17E0B439A3CACC1C5Description: Informations sur les processusVersion: 0.9.6.4Comments: Freeware / GratuicielOrganisation: S!RiServices Actifs:----------------ACPIPilote ACPI Microsoft\SystemRoot\System32\DRIVERS\ACPI.sysParent PID: 0AFDEnvironnement de prise en charge de réseau AFD\SystemRoot\System32\drivers\afd.sysParent PID: 0AFS2KAFS2KParent PID: 0agp440Filtre de bus AGP Intel\SystemRoot\System32\DRIVERS\agp440.sysParent PID: 0alcan5lnSpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS)System32\DRIVERS\alcan5ln.sysParent PID: 0alcaudslSpeedTouch ADSL Modem ATM TransportSystem32\DRIVERS\alcaudsl.sysParent PID: 0ALCXSENSService for WDM 3D Audio Driversystem32\drivers\ALCXSENS.SYSParent PID: 0ALCXWDMService for Realtek AC97 Audio (WDM)system32\drivers\ALCXWDM.SYSParent PID: 0ALGService de la passerelle de la couche ApplicationC:\WINDOWS\System32\alg.exeParent PID: 3792AmdK7Pilote de processeur AMD K7System32\DRIVERS\amdk7.sysParent PID: 0AntiVirServiceAntiVir Service"C:\Program Files\AVPersonal\AVGUARD.EXE"Parent PID: 1708AOL ACSAOL Connectivity ServiceC:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeParent PID: 1720Arp1394Protocole client ARP 1394System32\DRIVERS\arp1394.sysParent PID: 0ASCTRMASCTRMParent PID: 0atapiContrôleur de disque dur IDE/ESDI standard\SystemRoot\System32\DRIVERS\atapi.sysParent PID: 0Ati HotKey PollerAti HotKey PollerC:\WINDOWS\System32\Ati2evxx.exeParent PID: 1052ati2mtagati2mtagSystem32\DRIVERS\ati2mtag.sysParent PID: 0ATWPKT2ATWPKT2\??\C:\PROGRA~1\FICHIE~1\AOL\ACS\ATWPKT2.SYSParent PID: 0AudioSrvAudio WindowsC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160audstubPilote audio StubSystem32\DRIVERS\audstub.sysParent PID: 0avgntdwavgntdw\??\C:\Program Files\AVPersonal\AVGNTDW.SYSParent PID: 0AVWUpSrvAntiVir Update"C:\Program Files\AVPersonal\AVWUPSRV.EXE"Parent PID: 1748BeepBeepParent PID: 0BITSService de transfert intelligent en arrière-planC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160BrowserExplorateur d'ordinateurC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160CdaC15BACdaC15BA\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYSParent PID: 0CdfsCdfsParent PID: 0cdrbsvsdcdrbsvsdParent PID: 0CdromPilote de CD-ROMSystem32\DRIVERS\cdrom.sysParent PID: 0CryptSvcServices de cryptographieC:\WINDOWS\system32\svchost.exe -k netsvcsParent PID: 1160DcomLaunchLanceur de processus serveur DCOMC:\WINDOWS\system32\svchost -k DcomLaunchParent PID: 1064DhcpClient DHCPC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160DiskPilote de disque\SystemRoot\System32\DRIVERS\disk.sysParent PID: 0DnscacheClient DNSC:\WINDOWS\System32\svchost.exe -k NetworkServiceParent PID: 1204ERSvcService de rapport d'erreursC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160EventlogJournal des événementsC:\WINDOWS\system32\services.exeParent PID: 884EventSystemSystème d'événements de COM+C:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160FastfatFastfatParent PID: 0FastUserSwitchingCompatibilityCompatibilité avec le Changement rapide d'utilisateurC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160FdcPilote de contrôleur de lecteur de disquettesSystem32\DRIVERS\fdc.sysParent PID: 0FETNDISBVIA Rhine Family Fast Ethernet Adapter Driver ServiceSystem32\DRIVERS\fetnd5b.sysParent PID: 0FipsFipsParent PID: 0FlpydiskPilote de lecteur de disquettesSystem32\DRIVERS\flpydisk.sysParent PID: 0FltMgrFltMgr\SystemRoot\system32\drivers\fltmgr.sysParent PID: 0FtdiskPilote du Gestionnaire de volume\SystemRoot\System32\DRIVERS\ftdisk.sysParent PID: 0GpcClassificateur de paquets génériqueSystem32\DRIVERS\msgpc.sysParent PID: 0helpsvcAide et supportC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160HSFHWBS2HSFHWBS2System32\DRIVERS\HSFHWBS2.sysParent PID: 0HSF_DPHSF_DPSystem32\DRIVERS\HSF_DP.sysParent PID: 0HTTPHTTPSystem32\Drivers\HTTP.sysParent PID: 0i8042prtPilote pour clavier i8042 et souris sur port PS/2System32\DRIVERS\i8042prt.sysParent PID: 0ImapiPilote de filtre de gravure CDSystem32\DRIVERS\imapi.sysParent PID: 0IpNatTraducteur d'adresses réseau IPSystem32\DRIVERS\ipnat.sysParent PID: 0IPSecPilote IPSECSystem32\DRIVERS\ipsec.sysParent PID: 0isapnpPilote de bus Plug-and-Play ISA/EISA\SystemRoot\System32\DRIVERS\isapnp.sysParent PID: 0KbdclassPilote de la classe ClavierSystem32\DRIVERS\kbdclass.sysParent PID: 0kmixerMélangeur audio Wave de noyau Microsoftsystem32\drivers\kmixer.sysParent PID: 0KSecDDKSecDDParent PID: 0lanmanserverServeurC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160lanmanworkstationStation de travailC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160LmHostsAssistance TCP/IP NetBIOSC:\WINDOWS\System32\svchost.exe -k LocalServiceParent PID: 1392MASPINTMASPINTParent PID: 0mdmxsdkmdmxsdkSystem32\DRIVERS\mdmxsdk.sysParent PID: 0mnmddmnmddParent PID: 0ModemModemParent PID: 0MouclassPilote de la classe SourisSystem32\DRIVERS\mouclass.sysParent PID: 0MountMgrGestionnaire de point de montageParent PID: 0MRxDAVRedirecteur client WebDavSystem32\DRIVERS\mrxdav.sysParent PID: 0MRxSmbMRxSmbSystem32\DRIVERS\mrxsmb.sysParent PID: 0MsfsMsfsParent PID: 0mssmbiosPilote BIOS de gestion de systèmes MicrosoftSystem32\DRIVERS\mssmbios.sysParent PID: 0MupMupParent PID: 0NDISPilote système NDISParent PID: 0NdisTapiPilote TAPI NDIS d'accès distantSystem32\DRIVERS
distapi.sysParent PID: 0NdisuioNDIS mode utilisateur E/S ProtocoleSystem32\DRIVERS
disuio.sysParent PID: 0NdisWanPilote réseau étendu NDIS d'accès distantSystem32\DRIVERS
diswan.sysParent PID: 0NDProxyProxy NDISParent PID: 0NetBIOSInterface NetBIOSSystem32\DRIVERS
etbios.sysParent PID: 0NetBTNetBTSystem32\DRIVERS
etbt.sysParent PID: 0NetmanConnexions réseauC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160NIC1394Pilote réseau 1394System32\DRIVERS
ic1394.sysParent PID: 0NlaNLA (Network Location Awareness)C:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160NpfsNpfsParent PID: 0NtfsNtfsParent PID: 0NullNullParent PID: 0nv_agpNVIDIA nForce AGP Bus Filter\SystemRoot\System32\DRIVERS
v_agp.sysParent PID: 0ohci1394Contrôleur hôte compatible IEE 1394 VIA OHCI\SystemRoot\System32\DRIVERS\ohci1394.sysParent PID: 0ParportPilote de port parallèleSystem32\DRIVERS\parport.sysParent PID: 0PartMgrGestionnaire de partitionParent PID: 0ParVdmParVdmParent PID: 0PCIPCI Bus Driver\SystemRoot\System32\DRIVERS\pci.sysParent PID: 0PCIIdePCIIde\SystemRoot\System32\DRIVERS\pciide.sysParent PID: 0pfcPadus ASPI Shellsystem32\drivers\pfc.sysParent PID: 0PlugPlayPlug-and-PlayC:\WINDOWS\system32\services.exeParent PID: 884PolicyAgentServices IPSECC:\WINDOWS\System32\lsass.exeParent PID: 896PptpMiniportMiniport réseau étendu (PPTP)System32\DRIVERSaspptp.sysParent PID: 0ProtectedStorageEmplacement protégéC:\WINDOWS\system32\lsass.exeParent PID: 896Ps2Ps2System32\DRIVERS\PS2.sysParent PID: 0PSchedPlanificateur de paquets QoSSystem32\DRIVERS\psched.sysParent PID: 0PtilinkPilote de liaison parallèle directeSystem32\DRIVERS\ptilink.sysParent PID: 0PxHelp20PxHelp20\SystemRoot\System32\DRIVERS\PxHelp20.sysParent PID: 0RasAcdPilote de connexion automatique d'accès distantSystem32\DRIVERSasacd.sysParent PID: 0RasAutoGestionnaire de connexion automatique d'accès distantC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160Rasl2tpMiniport réseau étendu (L2TP)System32\DRIVERSasl2tp.sysParent PID: 0RasManGestionnaire de connexions d'accès distantC:\WINDOWS\System32\svchost.exe -k netsvcsParent PID: 1160RasPppoePilote PPPOE d'accès à distance

Utilisateur anonyme · Answer

re, pour l autre scan, j ai ete emmerder !une fois fini j ai voulu enregistrer le rapport et boum planté, le prog bloqué, la souris est partie en freeze style lol enfin voila j ai etins la prise de tel et redemarrer le pc, j essayerais le scan demainCA ME GONFLEEEEEEEEEEEEEEEEE

Utilisateur anonyme · Answer

salut registoujours emmerdé avec la souris ?du coté du log, je voir rien de suspect, à moins que s!ri n'est repéré quelque chose..pour la souris, tu as essayé avec une autre ?

S!Ri · Answer

SalutA première vue rien de spécial.Essayehttp://www.sysinternals.com/Files/RootkitRevealer.zipSans connexion au net et laisse le tourner sans rien faire.Si ton pirate utilise un RootKit pour masquer les processus qu'il utilise, Il sera "peut être" possible de trouver un indice...a+

S!Ri · Answer

re'Je viens de pousser un peu plus l'analyse de ton log.Et j'y vois rien de méchant.Ta carte graphique c'est une nvidia ou ati ?Tu en as peut être 2 ?O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup                         <- NvidiaO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect                                        <- NvidiaO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe                                                               <- AtiO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe                  <- AtiO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe                          <- AtiO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe   <- Nvidiaet la valeur de la clé qui est vide:HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"RecordNow!" = (empty string) a+

balltrap34 · Answer

S/R c est quoi se prog c est toi qui la fait dans les proprieter il y a ton nompar contre comment ont fait pour faire un prog et le mettre en exe

S!Ri · Answer

Salut Balltrap,Oui, c'est moi qui l'ai fait.On en avait deja parlé ici même (tape taskbot dans la recherche du forum). En ce moment le projet tourne au ralenti. J'ai pris du retard sur les signatures de virus et autres process.Pour faire un prog et le mettre en exe, il te faut un compilateur.Que tu programmes en assembleur ou pascal ou C (++) ou basic, à un moment ou un autre, un programme devra te compiler ton source en binaire.a+

balltrap34 · Answer

un bat peut etre mis en exe?

S!Ri · Answer

non pas moyen :-)

balltrap34 · Answer

a okdonc il faut passer par d autre langage lol cela fait trop pour moi loltu la fait en quoi le tientremarque faut peut etre pas le dire lol

S!Ri · Answer

Une fois que tu as compris la logique de la programmation, le principal est acquis.Reste la syntaxe et les commandes  (vocabulaire/grammaire) qui varie d'un language à un autre (ca reste très proche, et il y a le net et les livres pour ca).Le taskbot, je l'ai fait en c++

balltrap34 · Answer

lol j est deja du mal avec les bat alors je ne me lance pas cela fait trop de chose a fairemon sitecombattre les viruset autres

Utilisateur anonyme · Answer

re,merci a vous 3demain, j essai de changer de souris mais elle decone que sur le net j ai l impression !je vais faire le scan de siriea+

Utilisateur anonyme · Answer

re,hier j etais connecte et rootkit vait detecter pas mal de chose (2cles de registre je crois)aujourd hui je l ai fait deconnecter du net, voila le rapportC:\Documents and Settings\Propriétaire\Mes documents\Yen_a_tjrs_un\CAQJM7E9.:Zone.Identifier	18/05/2005 14:27	26 bytes	Hidden from Windows API.D:	01/01/1601 02:00	0 bytes	Error mounting volumeT en penses quoi?Je dois le faire connecter pour voir?A+

S!Ri · Answer

hum 26 octets, c'est leger pour une infection.Essaye toujours connecté, mais rootkitrevealer peut te sortir des entrées qui n'auront rien à voir avec une infection. (comme des fichiers temporaires en court d'utilisation).Tu as toujours des fichiers au noms aléatoire ?

Utilisateur anonyme · Answer

salutsirie,oui un seul au nom aleatoire que j ai repere ds zone alarmeHier il m a sorti des fichiers temporaires en cours d execution effectivement et 2 cles de registre,j essayerais de le faire connecte alorsmerci a+

Utilisateur anonyme · Answer

re a tous,voila je l ai fait en etant connecte au net cette fois ciHKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount	12/08/2005 19:16	4 bytes	Data mismatch between Windows API and raw hive data.HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount	12/08/2005 19:16	4 bytes	Data mismatch between Windows API and raw hive data.C:\Documents and Settings\Propriétaire\Local Settings\Temp\~DFBFBE.tmp	12/08/2005 19:23	16.00 KB	Hidden from Windows API.C:\Documents and Settings\Propriétaire\Mes documents\Yen_a_tjrs_un\CAQJM7E9.:Zone.Identifier	18/05/2005 14:27	26 bytes	Hidden from Windows API.D:	01/01/1601 02:00	0 bytes	Error mounting volume2/Je vais scanner mes ports pour voir3/je vais scanner chez kaspersky4/je vais fermer la prise de controle a distance grace a une manip faite par microsoft5/si le probleme de souris continue, je vais faire un test avec une autre a+

S!Ri · Answer

Salut regis59,Teste tes ports avec:http://www.nirsoft.net/utils/cports.htmlEt aussi:http://www.sysinternals.com/Utilities/TdiMon.htmlhttp://www.sysinternals.com/Utilities/TcpView.htmlTaskBot possède aussi une fonction pour avoir un cliché de l'activité reseau au moment du click.a+

Utilisateur anonyme · Answer

alg.exe	3596	TCP	1027		127.0.0.1			0.0.0.0	Listening	C:\WINDOWS\System32\alg.exe	Microsoft® Windows® Operating System	Application Layer Gateway Service	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:15:45		ALG	A	AOLacsd.exe	1716	TCP	1045		172.187.169.79	80	http	64.12.55.216	Close Wait	C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe	AOL Connectivity Service	AOL Connectivity Service	2.0.20.1.FR.213	America Online, Inc.	12/08/2005 20:15:01	AUTORITE NT\SYSTEM	AOL ACS	A	AOLacsd.exe	1716	TCP	1046		172.187.169.79	13784		205.188.78.9	Established	C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe	AOL Connectivity Service	AOL Connectivity Service	2.0.20.1.FR.213	America Online, Inc.	12/08/2005 20:15:01	AUTORITE NT\SYSTEM	AOL ACS	A	AOLDial.exe	624	UDP	1067		127.0.0.1					C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe	AOL Connectivity Service	AOL Connectivity Service Dialer	2.0.20.1.FR.213	America Online, Inc	12/08/2005 20:15:04	HUREL\Propriétaire		A	aoltpspd.exe	2956	TCP	443	https	127.0.0.1			0.0.0.0	Listening	C:\Program Files\Fichiers communs\Aol\aoltpspd.exe	AOL TopSpeed(TM)	AOL TopSpeed(TM)	1, 1, 1, 0	America Online Inc	12/08/2005 20:16:24	HUREL\Propriétaire		A	aoltpspd.exe	2956	TCP	11523		127.0.0.1			0.0.0.0	Listening	C:\Program Files\Fichiers communs\Aol\aoltpspd.exe	AOL TopSpeed(TM)	AOL TopSpeed(TM)	1, 1, 1, 0	America Online Inc	12/08/2005 20:16:24	HUREL\Propriétaire		A	aoltpspd.exe	2956	TCP	11523		127.0.0.1	1146		127.0.0.1	Established	C:\Program Files\Fichiers communs\Aol\aoltpspd.exe	AOL TopSpeed(TM)	AOL TopSpeed(TM)	1, 1, 1, 0	America Online Inc	12/08/2005 20:16:24	HUREL\Propriétaire		A	aoltpspd.exe	2956	TCP	11523		127.0.0.1	1147		127.0.0.1	Established	C:\Program Files\Fichiers communs\Aol\aoltpspd.exe	AOL TopSpeed(TM)	AOL TopSpeed(TM)	1, 1, 1, 0	America Online Inc	12/08/2005 20:16:24	HUREL\Propriétaire		A	aoltpspd.exe	2956	TCP	11523		127.0.0.1	1148		127.0.0.1	Established	C:\Program Files\Fichiers communs\Aol\aoltpspd.exe	AOL TopSpeed(TM)	AOL TopSpeed(TM)	1, 1, 1, 0	America Online Inc	12/08/2005 20:16:24	HUREL\Propriétaire		A	aoltpspd.exe	2956	TCP	11523		127.0.0.1	1149		127.0.0.1	Established	C:\Program Files\Fichiers communs\Aol\aoltpspd.exe	AOL TopSpeed(TM)	AOL TopSpeed(TM)	1, 1, 1, 0	America Online Inc	12/08/2005 20:16:24	HUREL\Propriétaire		A	AVGNT.EXE	776	TCP	1025		127.0.0.1	18350		127.0.0.1	Established	C:\Program Files\AVPersonal\AVGNT.EXE	AntiVir Guard Control Program	AntiVir Guard/XP Control Program	6.31.00.01	H+BEDV Datentechnik GmbH	12/08/2005 20:15:05	HUREL\Propriétaire		A	AVGUARD.EXE	1704	TCP	18350		0.0.0.0			0.0.0.0	Listening	C:\Program Files\AVPersonal\AVGUARD.EXE	Windows XP/2000/XP Guard Service	Antivirus Service for Windows XP/2000/NT	6.31.00.01	H+BEDV Datentechnik GmbH	12/08/2005 20:15:01	AUTORITE NT\SYSTEM	AntiVirService	A	AVGUARD.EXE	1704	TCP	18350		127.0.0.1	1025		127.0.0.1	Established	C:\Program Files\AVPersonal\AVGUARD.EXE	Windows XP/2000/XP Guard Service	Antivirus Service for Windows XP/2000/NT	6.31.00.01	H+BEDV Datentechnik GmbH	12/08/2005 20:15:01	AUTORITE NT\SYSTEM	AntiVirService	A	lsass.exe	892	UDP	500	isakmp	0.0.0.0					C:\WINDOWS\system32\lsass.exe	Microsoft® Windows® Operating System	LSA Shell (Export Version)	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:14:59	AUTORITE NT\SYSTEM	PolicyAgent, ProtectedStorage, SamSs	A	lsass.exe	892	UDP	4500		0.0.0.0					C:\WINDOWS\system32\lsass.exe	Microsoft® Windows® Operating System	LSA Shell (Export Version)	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:14:59	AUTORITE NT\SYSTEM	PolicyAgent, ProtectedStorage, SamSs	A	svchost.exe	1120	TCP	135	epmap	0.0.0.0			0.0.0.0	Listening	C:\WINDOWS\system32\svchost.exe	Microsoft® Windows® Operating System	Generic Host Process for Win32 Services	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:15:00		RpcSs	A	svchost.exe	1208	UDP	1047		0.0.0.0					C:\WINDOWS\system32\svchost.exe	Microsoft® Windows® Operating System	Generic Host Process for Win32 Services	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:15:00		Dnscache	A	svchost.exe	1156	UDP	123	ntp	127.0.0.1					C:\WINDOWS\system32\svchost.exe	Microsoft® Windows® Operating System	Generic Host Process for Win32 Services	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:15:00	AUTORITE NT\SYSTEM	AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasAuto, RasMan	A	svchost.exe	1328	UDP	1900		127.0.0.1					C:\WINDOWS\system32\svchost.exe	Microsoft® Windows® Operating System	Generic Host Process for Win32 Services	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:15:00		LmHosts, SSDPSRV, WebClient	A	svchost.exe	1156	UDP	123	ntp	169.254.118.30					C:\WINDOWS\system32\svchost.exe	Microsoft® Windows® Operating System	Generic Host Process for Win32 Services	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:15:00	AUTORITE NT\SYSTEM	AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasAuto, RasMan	A	svchost.exe	1328	UDP	1900		169.254.118.30					C:\WINDOWS\system32\svchost.exe	Microsoft® Windows® Operating System	Generic Host Process for Win32 Services	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:15:00		LmHosts, SSDPSRV, WebClient	A	svchost.exe	1156	UDP	123	ntp	172.187.169.79					C:\WINDOWS\system32\svchost.exe	Microsoft® Windows® Operating System	Generic Host Process for Win32 Services	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:15:00	AUTORITE NT\SYSTEM	AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasAuto, RasMan	A	svchost.exe	1328	UDP	1900		172.187.169.79					C:\WINDOWS\system32\svchost.exe	Microsoft® Windows® Operating System	Generic Host Process for Win32 Services	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft Corporation	12/08/2005 20:15:00		LmHosts, SSDPSRV, WebClient	A	System	4	TCP	445	microsoft-ds	0.0.0.0			0.0.0.0	Listening						N/A				System	4	TCP	139	netbios-ssn	169.254.118.30			0.0.0.0	Listening						N/A				System	4	UDP	445	microsoft-ds	0.0.0.0										N/A				System	4	UDP	137	netbios-ns	169.254.118.30										N/A				System	4	UDP	138	netbios-dgm	169.254.118.30										N/A				Unknown	0	TCP	1139		127.0.0.1	11523		127.0.0.1	Time Wait						N/A				Unknown	0	TCP	1143		127.0.0.1	11523		127.0.0.1	Time Wait						N/A				Unknown	0	TCP	11523		127.0.0.1	1136		127.0.0.1	Time Wait						N/A				Unknown	0	TCP	11523		127.0.0.1	1151		127.0.0.1	Time Wait						N/A				Unknown	0	TCP	1137		172.187.169.79	80	http	205.188.146.146	Time Wait						N/A				waol.exe	1500	TCP	1146		127.0.0.1	11523		127.0.0.1	Established	C:\Program Files\AOL 9.0a\waol.exe	America Online	AOL	9.00.002	America Online, Inc.	12/08/2005 20:16:13	HUREL\Propriétaire		A	waol.exe	1500	TCP	1147		127.0.0.1	11523		127.0.0.1	Established	C:\Program Files\AOL 9.0a\waol.exe	America Online	AOL	9.00.002	America Online, Inc.	12/08/2005 20:16:13	HUREL\Propriétaire		A	waol.exe	1500	TCP	1148		127.0.0.1	11523		127.0.0.1	Established	C:\Program Files\AOL 9.0a\waol.exe	America Online	AOL	9.00.002	America Online, Inc.	12/08/2005 20:16:13	HUREL\Propriétaire		A	waol.exe	1500	TCP	1149		127.0.0.1	11523		127.0.0.1	Established	C:\Program Files\AOL 9.0a\waol.exe	America Online	AOL	9.00.002	America Online, Inc.	12/08/2005 20:16:13	HUREL\Propriétaire		A	waol.exe	1500	TCP	1056		172.187.169.79	5190		205.188.5.240	Established	C:\Program Files\AOL 9.0a\waol.exe	America Online	AOL	9.00.002	America Online, Inc.	12/08/2005 20:16:13	HUREL\Propriétaire		A	waol.exe	1500	UDP	1057		127.0.0.1					C:\Program Files\AOL 9.0a\waol.exe	America Online	AOL	9.00.002	America Online, Inc.	12/08/2005 20:16:13	HUREL\Propriétaire		A	J espere que cela va s afficher correctement

Utilisateur anonyme · Answer

TCP/UDP Ports ListCreated by using CurrPortsProcess Name  Process ID  Protocol  Local Port  Local Port Name  Local Address  Remote Port  Remote Port Name  Remote Address  State  Process Path  Product Name  File Description  File Version  Company  Process Created On  User Name  Process Services  Process Attributes  alg.exe 3596 TCP 1027   127.0.0.1     0.0.0.0 Listening C:\WINDOWS\System32\alg.exe Microsoft® Windows® Operating System Application Layer Gateway Service 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:15:45   ALG A  AOLacsd.exe 1716 TCP 1045   172.187.169.79 80 http 64.12.55.216 Close Wait C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe AOL Connectivity Service AOL Connectivity Service 2.0.20.1.FR.213 America Online, Inc. 12/08/2005 20:15:01 AUTORITE NT\SYSTEM AOL ACS A  AOLacsd.exe 1716 TCP 1046   172.187.169.79 13784   205.188.78.9 Established C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe AOL Connectivity Service AOL Connectivity Service 2.0.20.1.FR.213 America Online, Inc. 12/08/2005 20:15:01 AUTORITE NT\SYSTEM AOL ACS A  AOLDial.exe 624 UDP 1067   127.0.0.1         C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe AOL Connectivity Service AOL Connectivity Service Dialer 2.0.20.1.FR.213 America Online, Inc 12/08/2005 20:15:04 HUREL\Propriétaire   A  aoltpspd.exe 2956 TCP 443 https 127.0.0.1     0.0.0.0 Listening C:\Program Files\Fichiers communs\Aol\aoltpspd.exe AOL TopSpeed(TM) AOL TopSpeed(TM) 1, 1, 1, 0 America Online Inc 12/08/2005 20:16:24 HUREL\Propriétaire   A  aoltpspd.exe 2956 TCP 11523   127.0.0.1     0.0.0.0 Listening C:\Program Files\Fichiers communs\Aol\aoltpspd.exe AOL TopSpeed(TM) AOL TopSpeed(TM) 1, 1, 1, 0 America Online Inc 12/08/2005 20:16:24 HUREL\Propriétaire   A  aoltpspd.exe 2956 TCP 11523   127.0.0.1 1146   127.0.0.1 Established C:\Program Files\Fichiers communs\Aol\aoltpspd.exe AOL TopSpeed(TM) AOL TopSpeed(TM) 1, 1, 1, 0 America Online Inc 12/08/2005 20:16:24 HUREL\Propriétaire   A  aoltpspd.exe 2956 TCP 11523   127.0.0.1 1147   127.0.0.1 Established C:\Program Files\Fichiers communs\Aol\aoltpspd.exe AOL TopSpeed(TM) AOL TopSpeed(TM) 1, 1, 1, 0 America Online Inc 12/08/2005 20:16:24 HUREL\Propriétaire   A  aoltpspd.exe 2956 TCP 11523   127.0.0.1 1148   127.0.0.1 Established C:\Program Files\Fichiers communs\Aol\aoltpspd.exe AOL TopSpeed(TM) AOL TopSpeed(TM) 1, 1, 1, 0 America Online Inc 12/08/2005 20:16:24 HUREL\Propriétaire   A  aoltpspd.exe 2956 TCP 11523   127.0.0.1 1149   127.0.0.1 Established C:\Program Files\Fichiers communs\Aol\aoltpspd.exe AOL TopSpeed(TM) AOL TopSpeed(TM) 1, 1, 1, 0 America Online Inc 12/08/2005 20:16:24 HUREL\Propriétaire   A  AVGNT.EXE 776 TCP 1025   127.0.0.1 18350   127.0.0.1 Established C:\Program Files\AVPersonal\AVGNT.EXE AntiVir Guard Control Program AntiVir Guard/XP Control Program 6.31.00.01 H+BEDV Datentechnik GmbH 12/08/2005 20:15:05 HUREL\Propriétaire   A  AVGUARD.EXE 1704 TCP 18350   0.0.0.0     0.0.0.0 Listening C:\Program Files\AVPersonal\AVGUARD.EXE Windows XP/2000/XP Guard Service Antivirus Service for Windows XP/2000/NT 6.31.00.01 H+BEDV Datentechnik GmbH 12/08/2005 20:15:01 AUTORITE NT\SYSTEM AntiVirService A  AVGUARD.EXE 1704 TCP 18350   127.0.0.1 1025   127.0.0.1 Established C:\Program Files\AVPersonal\AVGUARD.EXE Windows XP/2000/XP Guard Service Antivirus Service for Windows XP/2000/NT 6.31.00.01 H+BEDV Datentechnik GmbH 12/08/2005 20:15:01 AUTORITE NT\SYSTEM AntiVirService A  lsass.exe 892 UDP 500 isakmp 0.0.0.0         C:\WINDOWS\system32\lsass.exe Microsoft® Windows® Operating System LSA Shell (Export Version) 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:14:59 AUTORITE NT\SYSTEM PolicyAgent, ProtectedStorage, SamSs A  lsass.exe 892 UDP 4500   0.0.0.0         C:\WINDOWS\system32\lsass.exe Microsoft® Windows® Operating System LSA Shell (Export Version) 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:14:59 AUTORITE NT\SYSTEM PolicyAgent, ProtectedStorage, SamSs A  svchost.exe 1120 TCP 135 epmap 0.0.0.0     0.0.0.0 Listening C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:15:00   RpcSs A  svchost.exe 1208 UDP 1047   0.0.0.0         C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:15:00   Dnscache A  svchost.exe 1156 UDP 123 ntp 127.0.0.1         C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:15:00 AUTORITE NT\SYSTEM AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasAuto, RasMan A  svchost.exe 1328 UDP 1900   127.0.0.1         C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:15:00   LmHosts, SSDPSRV, WebClient A  svchost.exe 1156 UDP 123 ntp 169.254.118.30         C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:15:00 AUTORITE NT\SYSTEM AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasAuto, RasMan A  svchost.exe 1328 UDP 1900   169.254.118.30         C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:15:00   LmHosts, SSDPSRV, WebClient A  svchost.exe 1156 UDP 123 ntp 172.187.169.79         C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:15:00 AUTORITE NT\SYSTEM AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasAuto, RasMan A  svchost.exe 1328 UDP 1900   172.187.169.79         C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 12/08/2005 20:15:00   LmHosts, SSDPSRV, WebClient A  System 4 TCP 445 microsoft-ds 0.0.0.0     0.0.0.0 Listening           N/A        System 4 TCP 139 netbios-ssn 169.254.118.30     0.0.0.0 Listening           N/A        System 4 UDP 445 microsoft-ds 0.0.0.0                   N/A        System 4 UDP 137 netbios-ns 169.254.118.30                   N/A        System 4 UDP 138 netbios-dgm 169.254.118.30                   N/A        Unknown 0 TCP 1139   127.0.0.1 11523   127.0.0.1 Time Wait           N/A        Unknown 0 TCP 1143   127.0.0.1 11523   127.0.0.1 Time Wait           N/A        Unknown 0 TCP 11523   127.0.0.1 1136   127.0.0.1 Time Wait           N/A        Unknown 0 TCP 11523   127.0.0.1 1151   127.0.0.1 Time Wait           N/A        Unknown 0 TCP 1137   172.187.169.79 80 http 205.188.146.146 Time Wait           N/A        waol.exe 1500 TCP 1146   127.0.0.1 11523   127.0.0.1 Established C:\Program Files\AOL 9.0a\waol.exe America Online AOL 9.00.002 America Online, Inc. 12/08/2005 20:16:13 HUREL\Propriétaire   A  waol.exe 1500 TCP 1147   127.0.0.1 11523   127.0.0.1 Established C:\Program Files\AOL 9.0a\waol.exe America Online AOL 9.00.002 America Online, Inc. 12/08/2005 20:16:13 HUREL\Propriétaire   A  waol.exe 1500 TCP 1148   127.0.0.1 11523   127.0.0.1 Established C:\Program Files\AOL 9.0a\waol.exe America Online AOL 9.00.002 America Online, Inc. 12/08/2005 20:16:13 HUREL\Propriétaire   A  waol.exe 1500 TCP 1149   127.0.0.1 11523   127.0.0.1 Established C:\Program Files\AOL 9.0a\waol.exe America Online AOL 9.00.002 America Online, Inc. 12/08/2005 20:16:13 HUREL\Propriétaire   A  waol.exe 1500 TCP 1056   172.187.169.79 5190   205.188.5.240 Established C:\Program Files\AOL 9.0a\waol.exe America Online AOL 9.00.002 America Online, Inc. 12/08/2005 20:16:13 HUREL\Propriétaire   A  waol.exe 1500 UDP 1057   127.0.0.1         C:\Program Files\AOL 9.0a\waol.exe America Online AOL 9.00.002 America Online, Inc. 12/08/2005 20:16:13 HUREL\Propriétaire   A

Utilisateur anonyme · Answer

Voila, j ai changer de souris, j atends confirmation....a+

Bon ben vous le savez; hack + souris

91 réponses

Discussions similaires

Newsletters