

Everything posted by Larsouille
-
Hello everyone. Like you, ever since it came out I've been seized by a mad urge, not to do Ben Affleck or J-Lo, but to install Windows 7. Since my PC knowledge isn't exactly top-notch, I've come to ask you my questions. So, is it possible to install W7 on an external hard drive? A friend told me YES, but still. I don't know how to back up my hard drive, and if I have to reinstall XP afterwards, I consider that a waste of time... And what if my hard drive is USB2? Is that a problem? Personally, I think it's a real pain in the a*s... Do I need to partition my hard drive, or do I just create a W7 folder and install everything in it? There you go, thanking you in advance...
-
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
It's doooone
-
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
I did everything properly, but I noticed I still had a Combo Fix folder left. I sent it to the recycle bin, and I also still have some Yoog_fix logs among other things; can I send those to the trash too? Here is the RegScanner:

==================================================
Registry Key : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}
Name : URL
Type : REG_SZ
Data : http://www6.yoog.com/search.php?q={searchTerms}
Key Modified Time : 08/02/2009 03:46:14
Data Length : 48
==================================================
==================================================
Registry Key : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}
Name : DisplayName
Type : REG_SZ
Data : Yoog Search
Key Modified Time : 08/02/2009 03:46:14
Data Length : 12
==================================================
==================================================
Registry Key : HKCU\Software\Microsoft\Search Assistant\ACMru\5603
Name : 001
Type : REG_SZ
Data : yoog
Key Modified Time : 08/02/2009 23:51:10
Data Length : 5
==================================================
==================================================
Registry Key : HKCU\Software\Microsoft\Search Assistant\ACMru\5604
Name : 001
Type : REG_SZ
Data : yoog
Key Modified Time : 08/02/2009 23:51:10
Data Length : 5
==================================================
==================================================
Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Name : 66
Type : REG_BINARY
Data : 46 00 69 00 78 00 5F 00 59 00 6F 00 6F 00 67 00 2E 00 74 00 78 00 74 00 00 00 4C 00 32 00 00 00 00 00 00 00 00 00 00 00 46 69 78 5F 59 6F 6F 67 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 46 00 69 00 78 00 5F 00 59 00 6F 00 6F 00 67 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 00 00
Key Modified Time : 11/02/2009 01:05:32
Data Length : 104
==================================================
==================================================
Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt
Name : 8
Type : REG_BINARY
Data : 46 00 69 00 78 00 5F 00 59 00 6F 00 6F 00 67 00 2E 00 74 00 78 00 74 00 00 00 4C 00 32 00 00 00 00 00 00 00 00 00 00 00 46 69 78 5F 59 6F 6F 67 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 46 00 69 00 78 00 5F 00 59 00 6F 00 6F 00 67 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 00 00
Key Modified Time : 11/02/2009 01:05:21
Data Length : 104
==================================================
==================================================
Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage
Name : ProgramsCache
Type : REG_BINARY
Data :
00 00 1C 00 00 00 01 02 01 00 00 00 01 32 00 3E 07 00 00 79 39 2B 88 20 00 53 61 66 61 72 69 2E 6C 6E 6B 00 00 2C 00 03 00 04 00 EF BE 8E 38 B2 62 49 3A 5B AD 14 00 00 00 53 00 61 00 66 00 61 00 72 00 69 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 BA 00 00 00 0B 00 EF BE 00 00 00 00 00 00 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 53 00 61 00 66 00 61 00 72 00 69 00 5C 00 53 00 61 00 66 00 61 00 72 00 69 00 2E 00 65 00 78 00 65 00 00 00 01 00 26 00 24 00 74 00 44 00 44 00 43 00 46 00 47 00 56 00 40 00 62 00 47 00 6C 00 2C 00 67 00 76 00 69 00 7E 00 50 00 25 00 53 00 61 00 66 00 61 00 72 00 69 00 3E 00 4B 00 78 00 27 00 52 00 5E 00 35 00 4E 00 55 00 44 00 39 00 36 00 6F 00 60 00 40 00 74 00 5B 00 4F 00 60 00 40 00 31 00 00 00 00 00 1A 00 00 00 01 CA 00 00 00 C8 00 32 00 12 03 00 00 77 31 7C AA 20 00 57 49 4E 44 4F 57 7E 32 2E 4C 4E 4B 00 00 46 00 03 00 04 00 EF BE 77 31 7C AA 49 3A 5B AD 14 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 6F 00 76 00 69 00 65 00 20 00 4D 00 61 00 6B 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 66 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 4D 00 6F 00 76 00 69 00 65 00 20 00 4D 00 61 00 6B 00 65 00 72 00 5C 00 6D 00 6F 00 76 00 69 00 65 00 6D 00 6B 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 00 8C 00 00 00 44 00 31 00 00 00 00 00 49 3A 44 A6 10 00 50 52 4F 47 52 41 7E 31 00 00 2C 00 03 00 04 00 EF BE 79 31 30 1B 49 3A 44 A6 14 00 00 00 50 00 72 00 6F Key Modified Time : 11/02/2009 01:03:34 Data Length : 69 908 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:53 Data Length : 4 
================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:53 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:54 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:54 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:54 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:54 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:21 Data Length : 4 ================================================== ================================================== 
Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:21 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:24 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:24 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:24 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:24 Data Length : 4 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop Name : ItemPos800x600(1) Type : REG_BINARY Data :
Key Modified Time : 11/02/2009 01:03:34 Data Length : 2 548 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop Name : ItemPos1280x1024(1) Type : REG_BINARY Data :
Key Modified Time : 11/02/2009 01:03:34 Data Length : 2 808 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:10 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:10 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:12 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:12 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:12 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 
22:37:12 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:40 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:40 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:46 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:46 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:46 Data Length : 4 ================================================== ================================================== Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:46 Data Length : 4 ================================================== 
================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:13 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:13 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:14 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:14 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:14 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 24/12/2007 22:37:14 Data Length : 4 ================================================== ================================================== Registry Key 
: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:50 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:50 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:53 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:53 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:53 Data Length : 4 ================================================== ================================================== Registry Key : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:03:53 Data Length : 4 ================================================== ================================================== Registry Key : 
00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 41 00 64 00 6F 00 62 00 65 00 5C 00 52 00 65 00 61 00 64 00 65 00 72 00 20 00 39 00 2E 00 30 00 5C 00 52 00 65 00 61 00 64 00 65 00 72 00 5C 00 41 00 63 00 72 00 6F 00 52 00 64 00 33 00 32 00 2E 00 65 00 78 00 65 00 00 00 01 00 33 00 34 00 54 00 4C 00 60 00 6C 00 72 00 76 00 35 00 28 00 38 00 48 00 28 00 36 00 21 00 24 00 2C 00 43 00 43 00 21 00 52 00 65 00 61 00 64 00 65 00 72 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 46 00 69 00 6C 00 65 00 73 00 3E 00 6C 00 7B 00 6E 00 5E 00 72 00 79 00 3F 00 4F 00 74 00 40 00 32 00 64 00 31 00 6C 00 63 00 21 00 59 00 4A 00 51 00 72 00 00 00 00 00 1C 00 00 00 01 A6 00 00 00 A4 00 32 00 35 06 00 00 22 32 44 09 20 00 4D 59 50 43 43 48 7E 31 2E 4C 4E 4B 00 00 38 00 03 00 04 00 EF BE 22 32 44 09 49 3A 5B AD 14 00 00 00 4D 00 79 00 20 00 50 00 43 00 20 00 43 00 68 00 6F 00 69 00 63 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 50 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 43 00 3A 00 5C 00 68 00 70 00 5C 00 56 00 49 00 4E 00 45 00 54 00 4C 00 49 00 4E 00 4B 00 5C 00 56 00 49 00 4E 00 45 00 54 00 4C 00 49 00 4E 00 4B 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 01 BA 00 00 00 B8 00 32 00 5E 03 00 00 24 39 F6 7A 20 00 50 41 49 4E 54 4E 7E 31 2E 4C 4E 4B 00 00 32 00 03 00 04 00 EF BE 81 37 D3 6D 49 3A 5B AD 14 00 00 00 50 00 61 00 69 00 6E 00 74 00 2E 00 4E 00 45 00 54 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 6A 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 50 00 61 00 69 00 6E 00 74 00 2E 00 4E 00 45 00 54 00 5C 00 50 00 61 00 69 00 6E 00 74 00 44 00 6F 00 74 00 4E 00 65 00 74 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 01 02 01 00 00 00 01 32 00 3E 07 00 00 79 39 2B 88 20 00 53 61 66 61 72 69 2E 6C 6E 6B 00 00 2C 00 03 00 04 00 EF BE 8E 38 B2 62 49 3A 5B AD 14 00 00 00 53 00 61 00 66 00 61 00 72 00 69 00 2E 00 6C 00 6E 00 6B 00 00 00 
1A 00 BA 00 00 00 0B 00 EF BE 00 00 00 00 00 00 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 53 00 61 00 66 00 61 00 72 00 69 00 5C 00 53 00 61 00 66 00 61 00 72 00 69 00 2E 00 65 00 78 00 65 00 00 00 01 00 26 00 24 00 74 00 44 00 44 00 43 00 46 00 47 00 56 00 40 00 62 00 47 00 6C 00 2C 00 67 00 76 00 69 00 7E 00 50 00 25 00 53 00 61 00 66 00 61 00 72 00 69 00 3E 00 4B 00 78 00 27 00 52 00 5E 00 35 00 4E 00 55 00 44 00 39 00 36 00 6F 00 60 00 40 00 74 00 5B 00 4F 00 60 00 40 00 31 00 00 00 00 00 1A 00 00 00 01 CA 00 00 00 C8 00 32 00 12 03 00 00 77 31 7C AA 20 00 57 49 4E 44 4F 57 7E 32 2E 4C 4E 4B 00 00 46 00 03 00 04 00 EF BE 77 31 7C AA 49 3A 5B AD 14 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 6F 00 76 00 69 00 65 00 20 00 4D 00 61 00 6B 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 66 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 4D 00 6F 00 76 00 69 00 65 00 20 00 4D 00 61 00 6B 00 65 00 72 00 5C 00 6D 00 6F 00 76 00 69 00 65 00 6D 00 6B 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 00 8C 00 00 00 44 00 31 00 00 00 00 00 49 3A 44 A6 10 00 50 52 4F 47 52 41 7E 31 00 00 2C 00 03 00 04 00 EF BE 79 31 30 1B 49 3A 44 A6 14 00 00 00 50 00 72 00 6F Key Modified Time : 11/02/2009 01:03:34 Data Length : 69 908 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:53 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings\ZoneMap\Domains\gyoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:53 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:54 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:54 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:54 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 09/03/2008 13:25:54 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:21 Data Length : 4 ================================================== 
================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:21 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:24 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:24 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:24 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it\www Name : * Type : REG_DWORD Data : 0x00000004 (4) Key Modified Time : 23/08/2008 21:04:24 Data Length : 4 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\Shell\Bags\1\Desktop Name : 
ItemPos800x600(1) Type : REG_BINARY Data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1A 00 00 00 02 00 00 00 14 00 1F 60 40 F0 5F 64 81 50 1B 10 9F 08 00 AA 00 2F 95 4E 6F 00 00 00 16 02 00 00 14 00 1F 68 80 53 1C 87 A0 42 69 10 A2 EA 08 00 2B 30 30 9D 6F 00 00 00 7E 01 00 00 58 00 3A 00 C9 06 00 00 49 3A D2 52 20 00 41 44 4F 42 45 52 7E 31 2E 4C 4E 4B 00 00 3C 00 03 00 04 00 EF BE 49 3A D2 52 49 3A 8A B4 14 00 00 00 41 00 64 00 6F 00 62 00 65 00 20 00 52 00 65 00 61 00 64 00 65 00 72 00 20 00 39 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 6F 00 00 00 32 01 00 00 70 00 3A 00 19 06 00 00 48 3A 02 BB 20 00 50 43 49 4E 53 50 7E 31 2E 4C 4E 4B 00 00 54 00 03 00 04 00 EF BE 48 3A 02 BB 49 3A 8A B4 14 00 00 00 50 00 43 00 20 00 49 00 6E 00 73 00 70 00 65 00 63 00 74 00 6F 00 72 00 20 00 46 00 69 00 6C 00 65 00 20 00 52 00 65 00 63 00 6F 00 76 00 65 00 72 00 79 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 C4 00 00 00 4E 00 00 00 3A 00 31 00 00 00 00 00 49 3A 6C AC 10 00 42 4F 52 44 45 4C 00 00 24 00 03 00 04 00 EF BE 3D 3A 72 AB 4A 3A 00 0A 14 00 00 00 42 00 4F 00 52 00 44 00 45 00 4C 00 00 00 16 00 1A 00 00 00 CA 01 00 00 46 00 31 00 00 00 00 00 47 3A F2 BC 10 00 46 45 41 52 31 30 7E 31 00 00 2E 00 03 00 04 00 EF BE 47 3A F1 BC 4A 3A 00 0A 14 00 00 00 66 00 65 00 61 00 72 00 31 00 30 00 31 00 74 00 72 00 6E 00 37 00 00 00 18 00 1A 00 00 00 4E 00 00 00 34 00 31 00 00 00 00 00 42 3A 20 6D 10 00 4A 65 75 78 00 00 20 00 03 00 04 00 EF BE 3D 3A 6A AB 4A 3A 0E 09 14 00 00 00 4A 00 65 00 75 00 78 00 00 00 14 00 1A 00 00 00 E6 00 00 00 4E 00 31 00 00 00 00 00 48 3A 62 14 10 00 4E 4F 55 56 45 41 7E 31 00 00 36 00 03 00 04 00 EF BE 44 3A CD 14 4A 3A 00 0A 14 00 00 00 4E 00 6F 00 75 00 76 00 65 00 61 00 75 00 20 00 64 00 6F 00 73 00 73 00 69 00 65 00 72 00 00 00 18 00 16 04 00 00 E6 00 00 00 56 00 31 00 00 00 00 00 49 3A 74 AC 10 00 4E 4F 55 56 45 41 7E 32 00 00 3E 00 03 00 04 00 EF BE 49 3A 71 AC 4A 3A 00 0A 14 00 00 00 4E 00 6F 00 75 00 76 00 65 00 61 00 75 00 20 00 64 00 6F 00 73 00 
73 00 69 00 65 00 72 00 20 00 28 00 32 00 29 00 00 00 18 00 1A 00 00 00 46 03 00 00 4E 00 31 00 00 00 00 00 49 3A 09 BE 10 00 52 41 44 46 43 32 7E 31 00 00 36 00 03 00 04 00 EF BE 49 3A 09 BE 4A 3A 00 0A 14 00 00 00 72 00 61 00 64 00 66 00 63 00 32 00 76 00 31 00 30 00 32 00 74 00 72 00 6E 00 31 00 35 00 00 00 18 00 1A 00 00 00 16 02 00 00 3C 00 31 00 00 00 00 00 48 3A FC 4D 10 00 54 63 70 56 69 65 77 00 26 00 03 00 04 00 EF BE 48 3A FC 4D 4A 3A 00 0A 14 00 00 00 54 00 63 00 70 00 56 00 69 00 65 00 77 00 00 00 16 00 6F 00 00 00 4E 00 00 00 46 00 31 00 00 00 00 00 48 3A 77 17 10 00 55 54 49 4C 49 54 7E 31 00 00 2E 00 03 00 04 00 EF BE 3D 3A 6F AB 4A 3A 00 0A 14 00 00 00 55 00 54 00 49 00 4C 00 49 00 54 00 41 00 49 00 52 00 45 00 53 00 00 00 18 00 6F 00 00 00 CA 01 00 00 4C 00 32 00 CD 8A 2C 00 49 3A 0F A2 21 00 43 6F 6D 62 6F 46 69 78 2E 65 78 65 00 00 30 00 03 00 04 00 EF BE 49 3A 0B A2 49 3A 44 AD 14 00 00 00 43 00 6F 00 6D 00 62 00 6F 00 46 00 69 00 78 00 2E 00 65 00 78 00 65 00 00 00 1C 00 6F 00 00 00 E6 00 00 00 40 00 32 00 1B EE 0B 00 48 3A 81 A5 20 00 52 53 49 54 2E 65 78 65 00 00 28 00 03 00 04 00 EF BE 48 3A 80 A5 48 3A 3B B3 14 00 00 00 52 00 53 00 49 00 54 00 2E 00 65 00 78 00 65 00 00 00 18 00 19 01 00 00 4E 00 00 00 48 00 32 00 14 C7 00 00 3F 3A B5 68 20 00 42 75 72 65 61 75 31 2E 72 61 72 00 2E 00 03 00 04 00 EF BE 3F 3A B5 68 49 3A 40 A9 14 00 00 00 42 00 75 00 72 00 65 00 61 00 75 00 31 00 2E 00 72 00 61 00 72 00 00 00 1A 00 19 01 00 00 9A 00 00 00 48 00 32 00 8C 42 0D 25 47 3A 3B 45 20 00 42 75 72 65 61 75 32 2E 72 61 72 00 2E 00 03 00 04 00 EF BE 47 3A 0D 44 4A 3A E2 08 14 00 00 00 42 00 75 00 72 00 65 00 61 00 75 00 32 00 2E 00 72 00 61 00 72 00 00 00 1A 00 1A 00 00 00 9A 00 00 00 46 00 32 00 4C 04 84 1A 3F 3A 9D 1C 20 00 42 75 72 65 61 75 2E 72 61 72 00 00 2C 00 03 00 04 00 EF BE 3F 3A D1 1B 48 3A 3B B3 14 00 00 00 42 00 75 00 72 00 65 00 61 00 75 00 2E 00 72 00 61 00 72 00 00 00 1A 00 1A 00 00 00 AE 02 00 00 3C 00 32 00 3C 5D 00 00 49 3A 32 BA 
20 00 46 43 32 2E 72 61 72 00 26 00 03 00 04 00 EF BE 49 3A 31 BA 49 3A 32 BA 14 00 00 00 46 00 43 00 32 00 2E 00 72 00 61 00 72 00 00 00 16 00 6F 00 00 00 9A 00 00 00 5A 00 32 00 54 19 81 02 35 3A 7A 12 20 00 4E 4F 55 56 45 41 7E 31 2E 52 41 52 00 00 3E 00 03 00 04 00 EF BE 35 3A 6D 12 48 3A 3B B3 14 00 00 00 4E 00 6F 00 75 00 76 00 65 00 61 00 75 00 20 00 64 00 6F 00 73 00 73 00 69 00 65 00 72 00 2E 00 72 00 61 00 72 00 00 00 1C 00 C4 00 00 00 9A 00 00 00 40 00 32 00 04 C6 14 03 97 39 93 02 20 00 74 65 73 74 2E 72 61 72 00 00 28 00 03 00 04 00 EF BE 97 39 81 02 48 3A 60 AF 14 00 00 00 74 00 65 00 73 00 74 00 2E 00 72 00 61 00 72 00 00 00 18 00 C2 02 00 00 16 02 00 00 48 00 32 00 5E A7 01 00 48 3A 94 B6 20 00 57 61 72 6E 69 6E 67 2E 72 61 72 00 2E 00 03 00 04 00 EF BE 48 3A 94 B6 49 3A F1 96 14 00 00 00 57 00 61 00 72 00 6E 00 69 00 6E 00 67 00 2E 00 72 00 61 00 72 00 00 00 1A 00 6F 00 00 00 AE 02 00 00 5A 00 32 00 6C F2 01 00 49 3A F4 BD 20 00 52 41 44 46 43 32 7E 31 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE 49 3A F4 BD 49 3A F4 BD 14 00 00 00 72 00 61 00 64 00 66 00 63 00 32 00 76 00 31 00 30 00 32 00 74 00 72 00 6E 00 31 00 35 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 6F 00 00 00 62 02 00 00 48 00 32 00 29 01 00 00 49 3A 63 AD 20 00 63 61 74 63 68 6D 65 2E 6C 6F 67 00 2E 00 03 00 04 00 EF BE 49 3A 95 A2 49 3A 63 AD 14 00 00 00 63 00 61 00 74 00 63 00 68 00 6D 00 65 00 2E 00 6C 00 6F 00 67 00 00 00 1A 00 C2 02 00 00 E6 00 00 00 54 00 32 00 68 0F 00 00 49 3A 49 AB 20 00 49 4E 54 31 33 45 7E 31 2E 54 58 54 00 00 38 00 03 00 04 00 EF BE 49 3A 42 AB 49 3A 49 AB 14 00 00 00 49 00 4E 00 54 00 31 00 33 00 45 00 58 00 54 00 2E 00 56 00 58 00 44 00 2E 00 74 00 78 00 74 00 00 00 1C 00 1A 00 00 00 62 02 00 00 4C 00 32 00 15 28 00 00 49 3A 38 AB 20 00 59 6F 6F 67 5F 46 69 78 2E 62 61 74 00 00 30 00 03 00 04 00 EF BE 49 3A 38 AB 49 3A 38 AB 14 00 00 00 59 00 6F 00 6F 00 67 00 5F 00 46 00 69 00 78 00 2E 00 62 00 61 00 74 00 00 00 1C 00 1A 00 00 00 FA 02 00 00 52 00 32 00 3D 70 
03 00 49 3A FD BA 20 00 47 57 50 5F 52 45 7E 31 2E 4A 50 47 00 00 36 00 03 00 04 00 EF BE 49 3A FD BA 49 3A FD BA 14 00 00 00 67 00 77 00 70 00 5F 00 72 00 65 00 67 00 5F 00 31 00 5F 00 36 00 2E 00 6A 00 70 00 67 00 00 00 1C 00 1A 00 00 00 32 01 00 00 50 00 32 00 CE 06 00 00 48 3A E9 19 20 00 48 49 4A 41 43 4B 7E 31 2E 4C 4E 4B 00 00 34 00 03 00 04 00 EF BE 48 3A E9 19 49 3A 8A B4 14 00 00 00 48 00 69 00 6A 00 61 00 63 00 6B 00 54 00 68 00 69 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 C4 00 00 00 02 00 00 00 56 00 32 00 63 01 00 00 5C 37 40 BE 20 00 4D 45 53 44 4F 43 7E 31 2E 4C 4E 4B 00 00 3A 00 03 00 04 00 EF BE 5C 37 40 BE 49 3A 34 B4 14 00 00 00 4D 00 65 00 73 00 20 00 64 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 19 01 00 00 02 00 00 00 48 00 32 00 4A 06 00 00 91 39 7D 97 20 00 4D 6F 7A 69 6C 6C 61 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 91 39 7D 97 4A 3A E0 08 14 00 00 00 4D 00 6F 00 7A 00 69 00 6C 00 6C 00 61 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 6F 00 00 00 02 00 00 00 5C 00 32 00 68 00 00 00 5C 37 3D BE 20 00 50 4F 53 54 45 44 7E 31 2E 4C 4E 4B 00 00 40 00 03 00 04 00 EF BE 5C 37 3D BE 49 3A 34 B4 14 00 00 00 50 00 6F 00 73 00 74 00 65 00 20 00 64 00 65 00 20 00 74 00 72 00 61 00 76 00 61 00 69 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 1A 00 00 00 7E 01 00 00 6A 00 32 00 95 02 00 00 47 3A C2 BD 20 00 52 41 43 43 4F 55 7E 31 2E 4C 4E 4B 00 00 4E 00 03 00 04 00 EF BE 47 3A C2 BD 49 3A 8A B4 14 00 00 00 52 00 61 00 63 00 63 00 6F 00 75 00 72 00 63 00 69 00 20 00 76 00 65 00 72 00 73 00 20 00 46 00 45 00 41 00 52 00 2E 00 65 00 78 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 1A 00 00 00 7E 01 00 00 00 00 00 00 Key Modified Time : 11/02/2009 01:03:34 Data Length : 2 548 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\Microsoft\Windows\Shell\Bags\1\Desktop Name : ItemPos1280x1024(1) Type 
: REG_BINARY Data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1A 00 00 00 02 00 00 00 14 00 1F 60 40 F0 5F 64 81 50 1B 10 9F 08 00 AA 00 2F 95 4E 6F 00 00 00 16 02 00 00 14 00 1F 68 80 53 1C 87 A0 42 69 10 A2 EA 08 00 2B 30 30 9D 6F 00 00 00 7E 01 00 00 58 00 3A 00 C9 06 00 00 49 3A D2 52 20 00 41 44 4F 42 45 52 7E 31 2E 4C 4E 4B 00 00 3C 00 03 00 04 00 EF BE 49 3A D2 52 4A 3A 06 B0 14 00 00 00 41 00 64 00 6F 00 62 00 65 00 20 00 52 00 65 00 61 00 64 00 65 00 72 00 20 00 39 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 6F 00 00 00 32 01 00 00 70 00 3A 00 19 06 00 00 48 3A 02 BB 20 00 50 43 49 4E 53 50 7E 31 2E 4C 4E 4B 00 00 54 00 03 00 04 00 EF BE 48 3A 02 BB 4A 3A 06 B0 14 00 00 00 50 00 43 00 20 00 49 00 6E 00 73 00 70 00 65 00 63 00 74 00 6F 00 72 00 20 00 46 00 69 00 6C 00 65 00 20 00 52 00 65 00 63 00 6F 00 76 00 65 00 72 00 79 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 C4 00 00 00 4E 00 00 00 3A 00 31 00 00 00 00 00 49 3A 6C AC 10 00 42 4F 52 44 45 4C 00 00 24 00 03 00 04 00 EF BE 3D 3A 72 AB 4A 3A 06 AF 14 00 00 00 42 00 4F 00 52 00 44 00 45 00 4C 00 00 00 16 00 1A 00 00 00 CA 01 00 00 46 00 31 00 00 00 00 00 47 3A F2 BC 10 00 46 45 41 52 31 30 7E 31 00 00 2E 00 03 00 04 00 EF BE 47 3A F1 BC 4A 3A 7C 80 14 00 00 00 66 00 65 00 61 00 72 00 31 00 30 00 31 00 74 00 72 00 6E 00 37 00 00 00 18 00 1A 00 00 00 4E 00 00 00 34 00 31 00 00 00 00 00 42 3A 20 6D 10 00 4A 65 75 78 00 00 20 00 03 00 04 00 EF BE 3D 3A 6A AB 4A 3A 8A A5 14 00 00 00 4A 00 65 00 75 00 78 00 00 00 14 00 1A 00 00 00 E6 00 00 00 4E 00 31 00 00 00 00 00 48 3A 62 14 10 00 4E 4F 55 56 45 41 7E 31 00 00 36 00 03 00 04 00 EF BE 44 3A CD 14 4A 3A A1 AB 14 00 00 00 4E 00 6F 00 75 00 76 00 65 00 61 00 75 00 20 00 64 00 6F 00 73 00 73 00 69 00 65 00 72 00 00 00 18 00 16 04 00 00 E6 00 00 00 56 00 31 00 00 00 00 00 49 3A 74 AC 10 00 4E 4F 55 56 45 41 7E 32 00 00 3E 00 03 00 04 00 EF BE 49 3A 71 AC 4A 3A 7C 80 14 00 00 00 4E 00 6F 00 75 00 76 00 65 00 61 00 75 00 20 00 64 00 6F 00 73 00 73 00 69 00 65 00 72 00 
20 00 28 00 32 00 29 00 00 00 18 00 1A 00 00 00 46 03 00 00 4E 00 31 00 00 00 00 00 49 3A 09 BE 10 00 52 41 44 46 43 32 7E 31 00 00 36 00 03 00 04 00 EF BE 49 3A 09 BE 4A 3A 67 AF 14 00 00 00 72 00 61 00 64 00 66 00 63 00 32 00 76 00 31 00 30 00 32 00 74 00 72 00 6E 00 31 00 35 00 00 00 18 00 1A 00 00 00 16 02 00 00 3C 00 31 00 00 00 00 00 48 3A FC 4D 10 00 54 63 70 56 69 65 77 00 26 00 03 00 04 00 EF BE 48 3A FC 4D 4A 3A 7C 80 14 00 00 00 54 00 63 00 70 00 56 00 69 00 65 00 77 00 00 00 16 00 6F 00 00 00 4E 00 00 00 46 00 31 00 00 00 00 00 48 3A 77 17 10 00 55 54 49 4C 49 54 7E 31 00 00 2E 00 03 00 04 00 EF BE 3D 3A 6F AB 4A 3A 7C 80 14 00 00 00 55 00 54 00 49 00 4C 00 49 00 54 00 41 00 49 00 52 00 45 00 53 00 00 00 18 00 6F 00 00 00 CA 01 00 00 4C 00 32 00 CD 8A 2C 00 49 3A 0F A2 21 00 43 6F 6D 62 6F 46 69 78 2E 65 78 65 00 00 30 00 03 00 04 00 EF BE 49 3A 0B A2 49 3A 44 AD 14 00 00 00 43 00 6F 00 6D 00 62 00 6F 00 46 00 69 00 78 00 2E 00 65 00 78 00 65 00 00 00 1C 00 6F 00 00 00 FA 02 00 00 48 00 32 00 A8 B4 01 00 4A 3A 11 AB 20 00 46 6F 78 53 63 61 6E 2E 65 78 65 00 2E 00 03 00 04 00 EF BE 4A 3A 11 AB 4A 3A 17 AB 14 00 00 00 46 00 6F 00 78 00 53 00 63 00 61 00 6E 00 2E 00 65 00 78 00 65 00 00 00 1A 00 6F 00 00 00 E6 00 00 00 40 00 32 00 1B EE 0B 00 48 3A 81 A5 20 00 52 53 49 54 2E 65 78 65 00 00 28 00 03 00 04 00 EF BE 48 3A 80 A5 48 3A 3B B3 14 00 00 00 52 00 53 00 49 00 54 00 2E 00 65 00 78 00 65 00 00 00 18 00 19 01 00 00 4E 00 00 00 48 00 32 00 14 C7 00 00 3F 3A B5 68 20 00 42 75 72 65 61 75 31 2E 72 61 72 00 2E 00 03 00 04 00 EF BE 3F 3A B5 68 4A 3A 07 B0 14 00 00 00 42 00 75 00 72 00 65 00 61 00 75 00 31 00 2E 00 72 00 61 00 72 00 00 00 1A 00 19 01 00 00 9A 00 00 00 48 00 32 00 8C 42 0D 25 47 3A 3B 45 20 00 42 75 72 65 61 75 32 2E 72 61 72 00 2E 00 03 00 04 00 EF BE 47 3A 0D 44 4A 3A E2 08 14 00 00 00 42 00 75 00 72 00 65 00 61 00 75 00 32 00 2E 00 72 00 61 00 72 00 00 00 1A 00 1A 00 00 00 9A 00 00 00 46 00 32 00 4C 04 84 1A 3F 3A 9D 1C 20 00 42 75 72 65 
61 75 2E 72 61 72 00 00 2C 00 03 00 04 00 EF BE 3F 3A D1 1B 48 3A 3B B3 14 00 00 00 42 00 75 00 72 00 65 00 61 00 75 00 2E 00 72 00 61 00 72 00 00 00 1A 00 1A 00 00 00 AE 02 00 00 3C 00 32 00 3C 5D 00 00 49 3A 32 BA 20 00 46 43 32 2E 72 61 72 00 26 00 03 00 04 00 EF BE 49 3A 31 BA 4A 3A E2 AA 14 00 00 00 46 00 43 00 32 00 2E 00 72 00 61 00 72 00 00 00 16 00 6F 00 00 00 9A 00 00 00 5A 00 32 00 54 19 81 02 35 3A 7A 12 20 00 4E 4F 55 56 45 41 7E 31 2E 52 41 52 00 00 3E 00 03 00 04 00 EF BE 35 3A 6D 12 48 3A 3B B3 14 00 00 00 4E 00 6F 00 75 00 76 00 65 00 61 00 75 00 20 00 64 00 6F 00 73 00 73 00 69 00 65 00 72 00 2E 00 72 00 61 00 72 00 00 00 1C 00 6F 00 00 00 46 03 00 00 46 00 32 00 08 2C 21 00 4A 3A 6F AF 20 00 51 6F 6F 62 6F 78 2E 72 61 72 00 00 2C 00 03 00 04 00 EF BE 4A 3A 6E AF 4A 3A 73 AF 14 00 00 00 51 00 6F 00 6F 00 62 00 6F 00 78 00 2E 00 72 00 61 00 72 00 00 00 1A 00 C4 00 00 00 9A 00 00 00 40 00 32 00 04 C6 14 03 97 39 93 02 20 00 74 65 73 74 2E 72 61 72 00 00 28 00 03 00 04 00 EF BE 97 39 81 02 48 3A 60 AF 14 00 00 00 74 00 65 00 73 00 74 00 2E 00 72 00 61 00 72 00 00 00 18 00 C2 02 00 00 16 02 00 00 48 00 32 00 5E A7 01 00 48 3A 94 B6 20 00 57 61 72 6E 69 6E 67 2E 72 61 72 00 2E 00 03 00 04 00 EF BE 48 3A 94 B6 49 3A F1 96 14 00 00 00 57 00 61 00 72 00 6E 00 69 00 6E 00 67 00 2E 00 72 00 61 00 72 00 00 00 1A 00 6F 00 00 00 AE 02 00 00 5A 00 32 00 6C F2 01 00 49 3A F4 BD 20 00 52 41 44 46 43 32 7E 31 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE 49 3A F4 BD 4A 3A D6 50 14 00 00 00 72 00 61 00 64 00 66 00 63 00 32 00 76 00 31 00 30 00 32 00 74 00 72 00 6E 00 31 00 35 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 6F 00 00 00 62 02 00 00 48 00 32 00 29 01 00 00 49 3A 63 AD 20 00 63 61 74 63 68 6D 65 2E 6C 6F 67 00 2E 00 03 00 04 00 EF BE 49 3A 95 A2 49 3A 63 AD 14 00 00 00 63 00 61 00 74 00 63 00 68 00 6D 00 65 00 2E 00 6C 00 6F 00 67 00 00 00 1A 00 C2 02 00 00 E6 00 00 00 54 00 32 00 68 0F 00 00 49 3A 49 AB 20 00 49 4E 54 31 33 45 7E 31 2E 54 58 54 00 00 38 00 03 00 
04 00 EF BE 49 3A 42 AB 49 3A 49 AB 14 00 00 00 49 00 4E 00 54 00 31 00 33 00 45 00 58 00 54 00 2E 00 56 00 58 00 44 00 2E 00 74 00 78 00 74 00 00 00 1C 00 1A 00 00 00 62 02 00 00 4C 00 32 00 15 28 00 00 49 3A 38 AB 20 00 59 6F 6F 67 5F 46 69 78 2E 62 61 74 00 00 30 00 03 00 04 00 EF BE 49 3A 38 AB 49 3A 38 AB 14 00 00 00 59 00 6F 00 6F 00 67 00 5F 00 46 00 69 00 78 00 2E 00 62 00 61 00 74 00 00 00 1C 00 1A 00 00 00 FA 02 00 00 52 00 32 00 3D 70 03 00 49 3A FD BA 20 00 47 57 50 5F 52 45 7E 31 2E 4A 50 47 00 00 36 00 03 00 04 00 EF BE 49 3A FD BA 49 3A FD BA 14 00 00 00 67 00 77 00 70 00 5F 00 72 00 65 00 67 00 5F 00 31 00 5F 00 36 00 2E 00 6A 00 70 00 67 00 00 00 1C 00 1A 00 00 00 92 03 00 00 5E 00 32 00 00 90 23 00 4A 3A 53 30 20 00 45 56 49 4C 4F 58 7E 31 2E 50 50 53 00 00 42 00 03 00 04 00 EF BE 4A 3A 52 30 4A 3A 90 31 14 00 00 00 45 00 56 00 49 00 4C 00 4F 00 58 00 5F 00 63 00 6C 00 6F 00 77 00 6E 00 2D 00 62 00 75 00 73 00 68 00 2E 00 70 00 70 00 73 00 00 00 1C 00 1A 00 00 00 32 01 00 00 50 00 32 00 CE 06 00 00 48 3A E9 19 20 00 48 49 4A 41 43 4B 7E 31 2E 4C 4E 4B 00 00 34 00 03 00 04 00 EF BE 48 3A E9 19 4A 3A 06 B0 14 00 00 00 48 00 69 00 6A 00 61 00 63 00 6B 00 54 00 68 00 69 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 C4 00 00 00 02 00 00 00 56 00 32 00 63 01 00 00 5C 37 40 BE 20 00 4D 45 53 44 4F 43 7E 31 2E 4C 4E 4B 00 00 3A 00 03 00 04 00 EF BE 5C 37 40 BE 4A 3A 06 B0 14 00 00 00 4D 00 65 00 73 00 20 00 64 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 19 01 00 00 02 00 00 00 48 00 32 00 4A 06 00 00 91 39 7D 97 20 00 4D 6F 7A 69 6C 6C 61 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 91 39 7D 97 4A 3A 04 AF 14 00 00 00 4D 00 6F 00 7A 00 69 00 6C 00 6C 00 61 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 6F 00 00 00 02 00 00 00 5C 00 32 00 68 00 00 00 5C 37 3D BE 20 00 50 4F 53 54 45 44 7E 31 2E 4C 4E 4B 00 00 40 00 03 00 04 00 EF BE 5C 37 3D BE 4A 3A 41 AF 14 00 00 00 50 00 6F 00 73 00 74 00 65 00 20 00 64 00 65 00 20 00 74 00 
72 00 61 00 76 00 61 00 69 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 1A 00 00 00 7E 01 00 00 6A 00 32 00 95 02 00 00 47 3A C2 BD 20 00 52 41 43 43 4F 55 7E 31 2E 4C 4E 4B 00 00 4E 00 03 00 04 00 EF BE 47 3A C2 BD 4A 3A 06 B0 14 00 00 00 52 00 61 00 63 00 63 00 6F 00 75 00 72 00 63 00 69 00 20 00 76 00 65 00 72 00 73 00 20 00 46 00 45 00 41 00 52 00 2E 00 65 00 78 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 1A 00 00 00 7E 01 00 00 00 00 00 00 Key Modified Time : 11/02/2009 01:03:34 Data Length : 2 808 ================================================== -
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
Isn't Qoobox kind of like a folder that summarizes the whole process? Because I poked around in it and saw exactly everything we used... The upload is done
-
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
Here is the report:

FoxScan Version 1.0.5
Ecrit par Loup blanc - Zebulon.fr

Scan lancé le 10/02/2009 à 22:24:50,92
Microsoft Windows XP [version 5.1.2600] Service Pack 3

Mozilla Firefox version : 3.0.6 (fr)
Dossier d'installation : C:\Program Files\Mozilla Firefox

Profil : default
Dossier du profil : C:\Documents and Settings\Larsouille\Application Data\mozilla\firefox\Profiles\b1ymclww.default\

Profil : Lars
Dossier du profil : C:\Documents and Settings\Larsouille\Application Data\mozilla\firefox\Profiles\vk8jcjeq.Lars\

------------------------------------------------------
//////////// Modules complémentaires \\\\\\\\\\\\\

======= Profil : default =======
La notification d'installation des modules complémentaires est activée

//////////// Modules complémentaires \\\\\\\\\\\\\

======= Profil : Lars =======
La notification d'installation des modules complémentaires est activée

Nom : FoxTab
Etat : Activé
Dossier : C:\Documents and Settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

Nom : Java Console
Etat : Activé
Dossier : C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Nom : Java Quick Starter
Etat : Activé
Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff

Nom : Aero Fox
Etat : Activé
Dossier : C:\Documents and Settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}

Nom : Default
Etat : Activé
Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Nom : Ma-config.com
Etat : Désactivé

------------------------------------------------------
//////////// Plugins de recherche \\\\\\\\\\\\\

======= Profil : default =======
Recherche dans "prefs.js" :
browser.search.defaultenginename : ""
browser.search.defaulturl : ""
browser.search.selectedEngine : ""
keyword.URL : ""

--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur

C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
template="http://www.amazon.fr/exec/obidos/external-search/">

C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
template="http://rover.ebay.com/rover/1/709-47295-17703-3/4">

C:\Program Files\Mozilla Firefox\searchplugins\google.xml
template="http://www.google.com/search">

C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
template="http://www.dictionnaire-mediadico.com/dictionnaires.asp">

C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
template="http://fr.wikipedia.org/wiki/Special:Recherche">

C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
template="http://fr.search.yahoo.com/search">

//////////// Plugins de recherche \\\\\\\\\\\\\

======= Profil : Lars =======
Recherche dans "prefs.js" :
browser.search.defaultenginename : ""
browser.search.defaulturl : ""
browser.search.selectedEngine : ""
keyword.URL : "google"

--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur

C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
template="http://www.amazon.fr/exec/obidos/external-search/">

C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
template="http://rover.ebay.com/rover/1/709-47295-17703-3/4">

C:\Program Files\Mozilla Firefox\searchplugins\google.xml
template="http://www.google.com/search">

C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
template="http://www.dictionnaire-mediadico.com/dictionnaires.asp">

C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
template="http://fr.wikipedia.org/wiki/Special:Recherche">

C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
template="http://fr.search.yahoo.com/search">

------------------------------------------------------
//////////// DLL présentes dans C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\

browserdirprovider.dll
brwsrcmp.dll

------------------------------------------------------
//////////// Plugins configurés dans la Base de registre \\\\\\\\\\\\\

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe® Flash® Player 10"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/ShockwavePlayer]
"Description"="Adobe Shockwave Player"
"Vendor"="Adobe Systems Inc"
"Path"="C:\WINDOWS\system32\Adobe\Director\np32dsw.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=]
"Description"="Module iTunes Detector"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=1.0]
"Vendor"="Apple Inc."
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"="DivX Web Player"
"Vendor"="DivX,Inc."
"Path"="C:\Program Files\DivX\DivX Web Player\npdivx32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@google.com/npPicasa3,version=3.0.0]
"Description"="Picasa3 plugin"
"Vendor"="Google, Inc."
"Path"="C:\Documents and Settings\Didier\Mes documents\Google\Picasa3\npPicasa3.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection]
"Description"="Détection de sa configuration"
"Vendor"="CybelSoft"
"Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5]
"Description"="Windows Presentation Foundation plug-in for Mozilla browsers"
"Vendor"="Microsoft Corp."
"Path"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=6.0.11.2571]
"Description"="RealMedia Plugin"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=6.0.12.1739]
"Description"="RealPlayer Version Plugin"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=]

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@videolan.org/vlc,version=0.9.8a]
"Description"="VLC Multimedia Plugin"
"Vendor"="VideoLAN"
"Path"="C:\Program Files\VideoLAN\VLC\npvlc.dll"

[HKEY_CURRENT_USER\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe Flash Player 9.0"
"Vendor"="Adobe Systems Inc."
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

------------------------------------------------------
//////////// Recherche additionnelles pour les infections Goored, YoogSearch... \\\\\\\\\\\\\

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]

------------------ Fin du rapport ------------------
-
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
(Yes) I did delete user.js and edit prefs.js. So should I conclude that everything is OK and my PC is all clean? -
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
*Little FALKRA is wanted on Zebubu, little FALKRA* I'm going to call missing persons... For all I know it's my malware that wrecked his machine... Tough malware.. His machine went "pffshit" and black screen. (I'm kidding of course, my PC works so there's no rush, and besides, we all have a life ) -
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
Well, actually the first one deleted itself: PC reboot, log creation, and the script was duly wiped. Here is the log for script no. 2:
ComboFix 09-02-08.02 - Larsouille 2009-02-09 22:42:49.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1022.573 [GMT 1:00] Lancé depuis: c:\documents and settings\Larsouille\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Larsouille\Bureau\CFScript2.txt * Un nouveau point de restauration a été créé FILE :: c:\documents and settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\searchplugins\Yoog Search.xml . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\searchplugins\Yoog Search.xml . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 )))))))))))))))))))))))))))))))))))) . 2009-02-09 00:24 . 2009-02-09 00:24 <REP> d-------- c:\program files\PC Inspector File Recovery 2009-02-09 00:24 . 2002-02-18 18:40 6,200 --a------ c:\windows\system32\INT13EXT.VXD 2009-02-08 22:23 . 2009-02-08 22:23 <REP> d-------- C:\rsit 2009-02-08 08:31 . 2009-02-08 08:31 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-08 08:31 . 2009-02-08 08:31 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-08 00:34 . 2009-02-08 00:34 <REP> d-------- c:\program files\Sierra 2009-02-07 05:34 . 2009-02-07 05:34 <REP> d-------- c:\program files\WBGames 2009-02-07 05:06 . 2009-02-07 05:12 <REP> d-------- c:\documents and settings\Larsouille\Application Data\vlc 2009-02-05 19:43 . 2009-02-05 19:43 917,504 --a------ c:\windows\system32\FLASH.OCX 2009-02-04 20:56 . 2009-02-04 21:44 <REP> d-------- c:\program files\Teamspeak2_RC2 2009-02-01 17:41 . 2008-04-14 04:34 20,992 --a------ c:\windows\system32\dshowext.ax 2009-02-01 17:41 . 2008-04-14 04:34 20,992 --a------ c:\windows\system32\dllcache\dshowext.ax 2009-01-29 21:51 .
2001-08-17 20:12 19,017 --a------ c:\windows\system32\drivers\RTL8029.sys 2009-01-29 21:51 . 2001-08-17 20:12 19,017 --a------ c:\windows\system32\dllcache\rtl8029.sys 2009-01-29 13:24 . 2009-01-29 13:24 <REP> d-------- c:\documents and settings\Larsouille\Application Data\Canneverbe_Limited 2009-01-29 01:00 . 2009-01-29 01:26 <REP> d-------- c:\documents and settings\Larsouille\Application Data\Download Manager 2009-01-25 03:27 . 2009-01-25 03:27 <REP> d-------- c:\windows\65F1CF6331E0450B96F34A88BE7361A6.TMP 2009-01-18 21:52 . 2009-02-08 10:55 <REP> d-------- c:\documents and settings\Larsouille\Tracing 2009-01-16 22:16 . 2009-02-08 04:45 137,688 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2009-01-16 22:15 . 2009-02-08 04:45 202,040 --a------ c:\windows\system32\PnkBstrB.exe 2009-01-16 22:15 . 2009-01-16 22:15 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\system32\xfcodec.dll 2009-01-09 17:26 . 2009-02-07 04:30 <REP> d-------- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-09 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2009-02-09 18:41 --------- d-----w c:\program files\NOS 2009-02-09 10:18 --------- d-----w c:\program files\Google 2009-02-08 23:39 --------- d-----w c:\documents and settings\Larsouille\Application Data\Xfire 2009-02-08 23:24 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-08 22:01 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-08 21:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-08 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-08 07:31 --------- d-----w c:\program files\Java 2009-02-08 03:15 --------- d-----w c:\program files\Trend Micro 2009-02-08 02:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-02-07 07:17 --------- d-----w c:\documents and settings\Larsouille\Application Data\dvdcss 2009-02-06 19:59 --------- d-----w c:\program files\Xfire 2009-01-17 22:18 --------- d-----w c:\program files\ModernRcon 2009-01-17 22:06 22,328 ----a-w c:\documents and settings\Larsouille\Application Data\PnkBstrK.sys 2009-01-14 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-01-12 07:00 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2009-01-09 01:17 --------- d-----w c:\program files\CCleaner 2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr 2009-01-02 17:53 --------- d-----w c:\program files\Frets on Fire 2009-01-02 17:46 --------- d-----w c:\program files\CDBurnerXP 2008-12-30 00:36 682,280 ----a-w c:\windows\system32\pbsvc.exe 2008-12-30 00:21 --------- d-----w c:\program files\Activision 2008-12-25 20:06 --------- d-----w c:\documents and settings\Larsouille\Application 
Data\fretsonfire 2008-12-25 10:41 --------- d-----w c:\program files\Bonjour 2008-12-17 17:10 --------- d-----w c:\program files\Microsoft 2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll 2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys 2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll 2008-11-12 09:10 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll 2008-08-23 21:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082320080824\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-02-09_21.24.02,59 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE + 2009-02-09 21:02:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1d0.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304] "EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 98304] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "WinSys2"="c:\windows\system32\winsys2.exe" [2008-07-03 208896] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-04-13 c:\windows\RTHDCPL.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2007-03-16 11:45 63712 c:\program 
files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar] -ra------ 2005-05-20 15:32 278528 c:\program files\ZTE Corporation\ZXDSL852\CnxDslTb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-05-16 19:31 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager] --a------ 2007-09-25 19:10 102400 c:\program files\Orange\SessionManager\SessionManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS] --a------ 2007-09-25 20:08 94208 c:\program files\Orange\Systray\SystrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-04-12 09:10 65536 c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-16 19:31 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "aawservice"=2 (0x2) "iPod Service"=3 (0x3) "gusvc"=3 (0x3) "Fax"=3 (0x3) "Bonjour Service"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= 
"c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"= "c:\\Program Files\\Teamspeak2_RC2 CLIENT\\TeamSpeak.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\Metin2_France\\metin2.bin"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program Files\\WBGames\\Monolith Productions\\F.E.A.R. 
2 SP Demo\\FEAR2SPDemo.exe"= "c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10231:TCP"= 10231:TCP:BitComet 10231 TCP "10231:UDP"= 10231:UDP:BitComet 10231 UDP "45191:TCP"= 45191:TCP:Utorrent "45191:UDP"= 45191:UDP:Utorrent "8767:TCP"= 8767:TCP:TS Serveur "8767:UDP"= 8767:UDP:TS Serveur R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-10-30 59904] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064] R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2005-01-02 449920] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2007-10-28 131072] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2007-10-28 618112] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [2007-10-28 52736] S3 DCamUSBSTK02H;STK02H Camera;c:\windows\system32\DRIVERS\STK02HW2.sys --> c:\windows\system32\DRIVERS\STK02HW2.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752] S3 MSIGreenPower;MSIGreenPower;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\Green Power Center\NTGLM7X.sys [?] S3 MSIGreenPowerRushTop;MSIGreenPowerRushTop;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\RushTop.sys --> c:\program files\MSI\DualCoreCenter\Green Power Center\RushTop.sys [?] S3 RushTopDevice_J;RushTopDevice_J;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\RushJ.sys --> c:\program files\MSI\DualCoreCenter\Green Power Center\RushJ.sys [?] 
--- Autres Services/Pilotes en mémoire --- *NewlyCreated* - ENTDRV51 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b71ed76-dcb1-11dc-b4e3-00d0d08d71b9}] \Shell\AutoRun\command - wd_windows_tools\setup.exe . Contenu du dossier 'Tâches planifiées' 2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Examen supplémentaire ------- . uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop uStart Page = hxxp://www.wanadoo.fr mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop mWindow Title = uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: orange.fr\www TCP: {9207F01E-8F1C-4922-86E1-573BA9522D17} = 80.10.246.2,80.10.246.129 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\ FF - prefs.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Yoog Search FF - prefs.js: keyword.URL - hxxp://www6.yoog.com/search.php?q= FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.proxy.type - 0 FF - user.js: browser.shell.checkDefaultBrowser - false FF - user.js: google.toolbar.linkdoctor.enabled - false FF - user.js: browser.search.defaultenginename - Yoog Search FF - user.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q= FF - user.js: 
browser.search.selectedEngine - Yoog Search FF - user.js: keyword.URL - hxxp://www6.yoog.com/search.php?q= FF - user.js: keyword.enabled - true . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-09 22:44:10 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\SecuROM\License information*] "datasecu"=hex:d2,c2,e1,60,f7,e5,ce,75,d3,24,6d,aa,ff,81,64,9a,ca,e3,50,8a,a6, 9c,0f,7c,02,c6,3d,de,04,08,41,ad,58,6a,96,20,02,4e,29,88,bd,cb,6f,89,26,c5,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(852) c:\windows\system32\EntApi.dll . Heure de fin: 2009-02-09 22:46:10 ComboFix-quarantined-files.txt 2009-02-09 21:46:08 ComboFix2.txt 2009-02-09 21:08:31 ComboFix3.txt 2009-02-09 20:25:36 Avant-CF: 134 612 353 024 octets libres Après-CF: 134,593,359,872 octets libres Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=,1,2,3,4 248 --- E O F --- 2009-01-14 21:46:39
--> I confirm, the scripts delete themselves automatically after use. EDIT: I tested FF, it no longer has this offset problem. -
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
OK, so we'll use "tu" with each other... ^^ Here is the first log:
Fichier INT13EXT.VXD reçu le 2009.02.09 22:23:51 (CET)
Antivirus | Version | Dernière mise à jour | Résultat
a-squared | 4.0.0.93 | 2009.02.09 | -
AhnLab-V3 | 5.0.0.2 | 2009.02.09 | -
AntiVir | 7.9.0.76 | 2009.02.09 | -
Authentium | 5.1.0.4 | 2009.02.08 | -
Avast | 4.8.1335.0 | 2009.02.09 | -
AVG | 8.0.0.229 | 2009.02.09 | -
BitDefender | 7.2 | 2009.02.09 | -
CAT-QuickHeal | 10.00 | 2009.02.09 | -
ClamAV | 0.94.1 | 2009.02.09 | -
Comodo | 972 | 2009.02.09 | -
DrWeb | 4.44.0.09170 | 2009.02.09 | -
eSafe | 7.0.17.0 | 2009.02.09 | -
eTrust-Vet | 31.6.6347 | 2009.02.09 | -
F-Prot | 4.4.4.56 | 2009.02.09 | -
F-Secure | 8.0.14470.0 | 2009.02.09 | -
Fortinet | 3.117.0.0 | 2009.02.09 | -
GData | 19 | 2009.02.09 | -
Ikarus | T3.1.1.45.0 | 2009.02.09 | -
K7AntiVirus | 7.10.624 | 2009.02.09 | -
Kaspersky | 7.0.0.125 | 2009.02.09 | -
McAfee | 5520 | 2009.02.08 | -
McAfee+Artemis | 5521 | 2009.02.09 | -
Microsoft | 1.4306 | 2009.02.09 | -
NOD32 | 3839 | 2009.02.09 | -
Norman | 6.00.02 | 2009.02.09 | -
nProtect | 2009.1.8.0 | 2009.02.09 | -
Panda | 9.5.1.2 | 2009.02.09 | -
PCTools | 4.4.2.0 | 2009.02.09 | -
Prevx1 | V2 | 2009.02.09 | -
Rising | 21.15.50.00 | 2009.02.07 | -
SecureWeb-Gateway | 6.7.6 | 2009.02.09 | -
Sophos | 4.38.0 | 2009.02.09 | -
Sunbelt | 3.2.1847.2 | 2009.02.07 | -
Symantec | 10 | 2009.02.09 | -
TheHacker | 6.3.1.5.250 | 2009.02.09 | -
TrendMicro | 8.700.0.1004 | 2009.02.09 | -
VBA32 | 3.12.8.12 | 2009.02.08 | -
ViRobot | 2009.2.9.1596 | 2009.02.09 | -
VirusBuster | 4.5.11.0 | 2009.02.09 | -
Information additionnelle
File size: 6200 bytes
MD5...: e1d9b162740b31caee817740341eff09
SHA1..: 2a23c7c94f97f64b4c7d51b192e83106bf711126
SHA256: 3ff6c595a0fb5b91a6370b0b02cd587a4e286f48a98b40f0e603501c13ab635c
SHA512: 0244447be51c39d420914258e4b7dde54158178960775a8cabdea80c4b5ac2c829af9912c98fd4cef30c0eeb7daa6bd4b63c283c9dfa577165af89629d22ba1f
ssdeep: 96:KN72MvuHZXdpSrXODyBl9+lcNBGb+udu/zNEXNEa1bYggM/0:KNjvunpSrXOD4HTBGbKrN+PbtgM/0
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: -
Here is the Yoog log:
<---------- Parametres ----------> Utilisateur courant: Larsouille Programme lance depuis
"C:\Documents and Settings\Larsouille\Bureau\Yoog_Fix.bat" Windows XP Service Pack 3 Version IE: 7.0.5730.13 Version Firefox: 3.0.6 <---------- Analyse de Firefox ----------> <---------- Addons Firefox ----------> "Java Quick Starter" "Ma-config.com" "Java Console" "Java Console" "Java Console" "Aero Fox" "FoxTab" "Default" <---------- Valeur dans prefs.js ----------> Moteur de recherche sur clique droit "browser.search.defaulturl" : http://www6.yoog.com/search.php?q= Moteur de recherche par default "browser.search.defaultenginename" : Yoog Search Moteur de recherche selectionne "browser.search.selectedEngine" : Yoog Search <---------- Recherche de fichiers ----------> --- "C:\Program Files\Mozilla Firefox\components\" --- "C:\WINDOWS\system32" --- Fichiers contenants adzgalore --- Eventuelle infection encore inconnue <---------- Analyse d'Internet Explorer ----------> <---------- Recherche dans le registre ----------> --> Recherche dans le registre HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} DisplayName REG_SZ @ieframe.dll,-12512 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2C7EA5F6-302C-40EB-9371-000A5E9CD7C6} DisplayName REG_SZ Yahoo! 
Search HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} DisplayName REG_SZ Google HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72} DisplayName REG_SZ Yoog Search HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL REG_SZ http://search.live.com/results.aspx?q={sea...ferrer:source?} HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2C7EA5F6-302C-40EB-9371-000A5E9CD7C6} URL REG_SZ http://search.yahoo.com/search?ei=ISO-8859...q={searchTerms} HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL REG_SZ http://www.google.com/search?q={searchTerm...amp;rlz=1I7GZHY HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72} URL REG_SZ http://www6.yoog.com/search.php?q={searchTerms} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL REG_SZ http://search.live.com/results.aspx?q={sea...ferrer:source?} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL REG_SZ http://slirsredirect.search.aol.com/slirs_...e=tb50winampie7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL REG_SZ http://search.live.com/results.aspx?q={sea...ferrer:source?} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL REG_SZ http://slirsredirect.search.aol.com/slirs_...e=tb50winampie7 --> Recherche dans HKEY_CURRENT_USER Page de demarrage "Start Page": http://www.wanadoo.fr Page de recherches "Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 --> Recherche dans HKEY_LOCAL_MACHINE Page de demarrage "Start Page": http://www.msn.com/ Page de recherches "Search Page": 
http://go.microsoft.com/fwlink/?LinkId=54896 Page de recherches par Default "Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896 CustomizeSearch: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchAssistant: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm --> Extension(s) trouvee(s) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} CLSID REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} BandCLSID REG_SZ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} ButtonText REG_SZ Research Default Visible REG_SZ Yes HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789} CLSID REG_SZ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} Default Visible REG_SZ Yes ButtonText REG_SZ Aide à la connexion ToolTip REG_SZ Aide à la connexion MenuText REG_SZ Aide à la connexion Script REG_SZ C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText REG_SZ Messenger CLSID REG_SZ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} Default Visible REG_SZ Yes Exec REG_SZ C:\Program Files\Messenger\msmsgs.exe MenuText REG_SZ Windows Messenger ToolTip REG_SZ Windows Messenger <---------- Autres examens ----------> --- "C:\Program Files\Mozilla Firefox\Components" aboutRights.js aboutRobots.js browser.xpt browserdirprovider.dll brwsrcmp.dll compreg.dat FeedConverter.js FeedProcessor.js FeedWriter.js fuelApplication.js jsconsole-clhandler.js nppl3260.xpt nsAddonRepository.js nsBadCertHandler.js nsBlocklistService.js nsBrowserContentHandler.js nsBrowserGlue.js nsContentDispatchChooser.js nsContentPrefService.js nsDefaultCLH.js nsDownloadManagerUI.js nsExtensionManager.js nsHandlerService.js nsHelperAppDlg.js nsIQTScriptablePlugin.xpt nsJSRealPlayerPlugin.xpt nsLivemarkService.js nsLoginInfo.js nsLoginManager.js 
nsLoginManagerPrompter.js nsMicrosummaryService.js nsPlacesTransactionsService.js nsPostUpdateWin.js nsProxyAutoConfig.js nsSafebrowsingApplication.js nsSearchService.js nsSearchSuggestions.js nsSessionStartup.js nsSessionStore.js nsSetDefaultBrowser.js nsSidebar.js nsTaggingService.js nsTryToClose.js nsUpdateService.js nsUrlClassifierLib.js nsUrlClassifierListManager.js nsURLFormatter.js nsWebHandlerApp.js pluginGlue.js storage-Legacy.js txEXSLTRegExFunctions.js WebContentConverter.js xpti.dat --- "C:\Program Files\Mozilla Firefox\searchplugins" amazon-france.xml eBay-france.xml google.xml MediaDICO-fr.xml wikipedia-fr.xml yahoo-france.xml --- "C:\Program Files\Mozilla Firefox\plugins" Microsoft.VC80.CRT np-mswmp.dll np32dsw.dll npdeploytk.dll npdivx32.dll npdivx32.xpt npnul32.dll nppdf32.dll nppdf32.FRA nppl3260.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll nprpjplug.dll QuickTimePlugin.class ShockwavePlugin.class WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt --- "C:\Documents and Settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\searchplugins\" Yoog Search.xml <---------- Fin du rapport ---------->
Plenty of times doesn't make a habit: thanks, for everything. -
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
Hi again, again, again, I have a question: are you (formal or informal "you", I'm a fan of mixing "vous" and "tu"...) the one who writes the scripts? Here is the log:
ComboFix 09-02-08.02 - Larsouille 2009-02-09 21:58:42.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1022.526 [GMT 1:00] Lancé depuis: c:\documents and settings\Larsouille\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Larsouille\Bureau\CFScript.txt * Un nouveau point de restauration a été créé * Resident AV is active FILE :: c:\program files\Mozilla Firefox\components\35d0be18-32db-a26d-915e-fb48eb91da71.dll c:\windows\65F1CF6331E0450B96F34A88BE7361A6.TMP c:\windows\system32\bfc42l.dll c:\windows\system32\bmdjlsiqbck.dll-uninst.exe c:\windows\system32\ebd22e5f-88fe-3b29-9c46-deda3c5df6a4.exe c:\windows\system32\nnsfhcenhg.exe c:\windows\system32\nsoF7.dll c:\windows\system32\pb.exe c:\windows\Tasks\Symantec NetDetect.job . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\components\35d0be18-32db-a26d-915e-fb48eb91da71.dll c:\windows\system32\bfc42l.dll c:\windows\system32\bmdjlsiqbck.dll-uninst.exe c:\windows\system32\ebd22e5f-88fe-3b29-9c46-deda3c5df6a4.exe c:\windows\system32\nnsfhcenhg.exe c:\windows\system32\nsoF7.dll c:\windows\system32\pb.exe c:\windows\Tasks\Symantec NetDetect.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SETUPNTGLM7X -------\Legacy_XDVA090 -------\Legacy_XDVA190 -------\Service_SetupNTGLM7X -------\Service_XDva090 -------\Service_XDva190 ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 )))))))))))))))))))))))))))))))))))) . 2009-02-09 00:24 . 2009-02-09 00:24 <REP> d-------- c:\program files\PC Inspector File Recovery 2009-02-09 00:24 . 2002-02-18 18:40 6,200 --a------ c:\windows\system32\INT13EXT.VXD 2009-02-08 22:23 .
2009-02-08 22:23 <REP> d-------- C:\rsit 2009-02-08 08:31 . 2009-02-08 08:31 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-08 08:31 . 2009-02-08 08:31 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-08 00:34 . 2009-02-08 00:34 <REP> d-------- c:\program files\Sierra 2009-02-07 05:34 . 2009-02-07 05:34 <REP> d-------- c:\program files\WBGames 2009-02-07 05:06 . 2009-02-07 05:12 <REP> d-------- c:\documents and settings\Larsouille\Application Data\vlc 2009-02-05 19:43 . 2009-02-05 19:43 917,504 --a------ c:\windows\system32\FLASH.OCX 2009-02-04 20:56 . 2009-02-04 21:44 <REP> d-------- c:\program files\Teamspeak2_RC2 2009-02-01 17:41 . 2008-04-14 04:34 20,992 --a------ c:\windows\system32\dshowext.ax 2009-02-01 17:41 . 2008-04-14 04:34 20,992 --a------ c:\windows\system32\dllcache\dshowext.ax 2009-01-29 21:51 . 2001-08-17 20:12 19,017 --a------ c:\windows\system32\drivers\RTL8029.sys 2009-01-29 21:51 . 2001-08-17 20:12 19,017 --a------ c:\windows\system32\dllcache\rtl8029.sys 2009-01-29 13:24 . 2009-01-29 13:24 <REP> d-------- c:\documents and settings\Larsouille\Application Data\Canneverbe_Limited 2009-01-29 01:00 . 2009-01-29 01:26 <REP> d-------- c:\documents and settings\Larsouille\Application Data\Download Manager 2009-01-25 03:27 . 2009-01-25 03:27 <REP> d-------- c:\windows\65F1CF6331E0450B96F34A88BE7361A6.TMP 2009-01-18 21:52 . 2009-02-08 10:55 <REP> d-------- c:\documents and settings\Larsouille\Tracing 2009-01-16 22:16 . 2009-02-08 04:45 137,688 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2009-01-16 22:15 . 2009-02-08 04:45 202,040 --a------ c:\windows\system32\PnkBstrB.exe 2009-01-16 22:15 . 2009-01-16 22:15 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\system32\xfcodec.dll 2009-01-09 17:26 . 2009-02-07 04:30 <REP> d-------- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-09 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2009-02-09 18:41 --------- d-----w c:\program files\NOS 2009-02-09 10:18 --------- d-----w c:\program files\Google 2009-02-08 23:39 --------- d-----w c:\documents and settings\Larsouille\Application Data\Xfire 2009-02-08 23:24 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-08 22:01 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-08 21:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-08 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-08 07:31 --------- d-----w c:\program files\Java 2009-02-08 03:15 --------- d-----w c:\program files\Trend Micro 2009-02-08 02:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-02-07 07:17 --------- d-----w c:\documents and settings\Larsouille\Application Data\dvdcss 2009-02-06 19:59 --------- d-----w c:\program files\Xfire 2009-01-17 22:18 --------- d-----w c:\program files\ModernRcon 2009-01-17 22:06 22,328 ----a-w c:\documents and settings\Larsouille\Application Data\PnkBstrK.sys 2009-01-14 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-01-12 07:00 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2009-01-09 01:17 --------- d-----w c:\program files\CCleaner 2009-01-02 17:53 --------- d-----w c:\program files\Frets on Fire 2009-01-02 17:46 --------- d-----w c:\program files\CDBurnerXP 2008-12-30 00:21 --------- d-----w c:\program files\Activision 2008-12-25 20:06 --------- d-----w c:\documents and settings\Larsouille\Application Data\fretsonfire 2008-12-25 10:41 --------- d-----w c:\program files\Bonjour 2008-12-17 17:10 --------- d-----w c:\program 
files\Microsoft 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll 2008-08-23 21:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082320080824\index.dat . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\INT13EXT.VXD -- Not a PE file. MD5: e1d9b162740b31caee817740341eff09 ((((((((((((((((((((((((((((( SnapShot@2009-02-09_21.24.02,59 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE + 2009-02-09 21:02:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1d0.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304] "EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 98304] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "WinSys2"="c:\windows\system32\winsys2.exe" [2008-07-03 208896] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "AppleSyncNotifier"="c:\program files\Fichiers 
communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-04-13 c:\windows\RTHDCPL.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar] -ra------ 2005-05-20 15:32 278528 c:\program files\ZTE Corporation\ZXDSL852\CnxDslTb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-05-16 19:31 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager] --a------ 2007-09-25 19:10 102400 c:\program 
files\Orange\SessionManager\SessionManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS] --a------ 2007-09-25 20:08 94208 c:\program files\Orange\Systray\SystrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-04-12 09:10 65536 c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-16 19:31 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "aawservice"=2 (0x2) "iPod Service"=3 (0x3) "gusvc"=3 (0x3) "Fax"=3 (0x3) "Bonjour Service"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"= "c:\\Program Files\\Teamspeak2_RC2 CLIENT\\TeamSpeak.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\Metin2_France\\metin2.bin"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program 
Files\\WBGames\\Monolith Productions\\F.E.A.R. 2 SP Demo\\FEAR2SPDemo.exe"= "c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10231:TCP"= 10231:TCP:BitComet 10231 TCP "10231:UDP"= 10231:UDP:BitComet 10231 UDP "45191:TCP"= 45191:TCP:Utorrent "45191:UDP"= 45191:UDP:Utorrent "8767:TCP"= 8767:TCP:TS Serveur "8767:UDP"= 8767:UDP:TS Serveur R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-10-30 59904] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064] R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2005-01-02 449920] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2007-10-28 131072] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2007-10-28 618112] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [2007-10-28 52736] S3 DCamUSBSTK02H;STK02H Camera;c:\windows\system32\DRIVERS\STK02HW2.sys --> c:\windows\system32\DRIVERS\STK02HW2.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752] S3 MSIGreenPower;MSIGreenPower;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\Green Power Center\NTGLM7X.sys [?] S3 MSIGreenPowerRushTop;MSIGreenPowerRushTop;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\RushTop.sys --> c:\program files\MSI\DualCoreCenter\Green Power Center\RushTop.sys [?] S3 RushTopDevice_J;RushTopDevice_J;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\RushJ.sys --> c:\program files\MSI\DualCoreCenter\Green Power Center\RushJ.sys [?] 
--- Autres Services/Pilotes en mémoire --- *NewlyCreated* - ENTDRV51 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b71ed76-dcb1-11dc-b4e3-00d0d08d71b9}] \Shell\AutoRun\command - wd_windows_tools\setup.exe . Contenu du dossier 'Tâches planifiées' 2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-RocketDock - c:\documents and settings\Larsouille\RocketDock\RocketDock.exe . ------- Examen supplémentaire ------- . uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop uStart Page = hxxp://www.wanadoo.fr mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop mWindow Title = uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: orange.fr\www TCP: {9207F01E-8F1C-4922-86E1-573BA9522D17} = 80.10.246.2,80.10.246.129 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\ FF - prefs.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Yoog Search FF - prefs.js: keyword.URL - hxxp://www6.yoog.com/search.php?q= FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.proxy.type - 0 FF - user.js: browser.shell.checkDefaultBrowser - false FF - user.js: google.toolbar.linkdoctor.enabled - false FF - user.js: 
browser.search.defaultenginename - Yoog Search FF - user.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q= FF - user.js: browser.search.selectedEngine - Yoog Search FF - user.js: keyword.URL - hxxp://www6.yoog.com/search.php?q= FF - user.js: keyword.enabled - true . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-09 22:03:35 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\SecuROM\License information*] "datasecu"=hex:d2,c2,e1,60,f7,e5,ce,75,d3,24,6d,aa,ff,81,64,9a,ca,e3,50,8a,a6, 9c,0f,7c,02,c6,3d,de,04,08,41,ad,58,6a,96,20,02,4e,29,88,bd,cb,6f,89,26,c5,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(852) c:\windows\system32\EntApi.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Network Associates\Common Framework\FrameworkService.exe c:\program files\Network Associates\VirusScan\mcshield.exe c:\program files\Network Associates\VirusScan\vstskmgr.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\rundll32.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Heure de fin: 2009-02-09 22:08:28 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-09 21:08:22 ComboFix2.txt 2009-02-09 20:25:36 Avant-CF: 134 703 099 904 octets libres Après-CF: 134,587,793,408 octets libres Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=,1,2,3,4 287 --- E O F --- 2009-01-14 21:46:39 -
[Solved] Offset in the Firefox window
Larsouille replied to a topic by Larsouille in Malware Analysis and Removal
Re, pas d'quoi pour le .rar, content de te faire plaisir avec 2 beaux fichiers infectés Voici le log ComboFix: ComboFix 09-02-08.02 - Larsouille 2009-02-09 21:20:10.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1022.447 [GMT 1:00] Lancé depuis: c:\documents and settings\Larsouille\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé * Resident AV is active . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\components\bmdjlsiqbck.dll c:\windows\system32\bmdjlsiqbck.dll c:\windows\system32\iyvpbsmszjc.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 )))))))))))))))))))))))))))))))))))) . 2009-02-09 00:24 . 2009-02-09 00:24 <REP> d-------- c:\program files\PC Inspector File Recovery 2009-02-09 00:24 . 2002-02-18 18:40 6,200 --a------ c:\windows\system32\INT13EXT.VXD 2009-02-08 22:23 . 2009-02-08 22:23 <REP> d-------- C:\rsit 2009-02-08 10:48 . 2009-02-08 10:48 <REP> d-------- c:\documents and settings\Larsouille\RocketDock 2009-02-08 08:31 . 2009-02-08 08:31 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-08 08:31 . 2009-02-08 08:31 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-08 03:38 . 2000-01-31 13:00 96,256 --a------ c:\windows\system32\bfc42l.dll 2009-02-08 03:38 . 2009-02-08 03:38 86,809 --a------ c:\windows\system32\ebd22e5f-88fe-3b29-9c46-deda3c5df6a4.exe 2009-02-08 03:38 . 2009-02-08 03:38 69,170 --a------ c:\windows\system32\bmdjlsiqbck.dll-uninst.exe 2009-02-08 03:38 . 2009-02-08 03:38 48,359 --a------ c:\windows\system32\nnsfhcenhg.exe 2009-02-08 00:34 . 2009-02-08 00:34 <REP> d-------- c:\program files\Sierra 2009-02-07 05:34 . 2009-02-07 05:34 <REP> d-------- c:\program files\WBGames 2009-02-07 05:06 . 2009-02-07 05:12 <REP> d-------- c:\documents and settings\Larsouille\Application Data\vlc 2009-02-05 19:43 . 
2009-02-05 19:43 917,504 --a------ c:\windows\system32\FLASH.OCX 2009-02-05 10:08 . 2009-02-05 10:08 699,392 --a------ c:\windows\system32\nsoF7.dll 2009-02-04 20:56 . 2009-02-04 21:44 <REP> d-------- c:\program files\Teamspeak2_RC2 2009-02-01 17:41 . 2008-04-14 04:34 20,992 --a------ c:\windows\system32\dshowext.ax 2009-02-01 17:41 . 2008-04-14 04:34 20,992 --a------ c:\windows\system32\dllcache\dshowext.ax 2009-01-29 21:51 . 2001-08-17 20:12 19,017 --a------ c:\windows\system32\drivers\RTL8029.sys 2009-01-29 21:51 . 2001-08-17 20:12 19,017 --a------ c:\windows\system32\dllcache\rtl8029.sys 2009-01-29 13:24 . 2009-01-29 13:24 <REP> d-------- c:\documents and settings\Larsouille\Application Data\Canneverbe_Limited 2009-01-29 01:00 . 2009-01-29 01:26 <REP> d-------- c:\documents and settings\Larsouille\Application Data\Download Manager 2009-01-25 03:27 . 2009-01-25 03:27 <REP> d-------- c:\windows\65F1CF6331E0450B96F34A88BE7361A6.TMP 2009-01-18 21:52 . 2009-02-08 10:55 <REP> d-------- c:\documents and settings\Larsouille\Tracing 2009-01-16 22:16 . 2009-02-08 04:45 137,688 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2009-01-16 22:15 . 2009-01-16 22:15 674,600 --a------ c:\windows\system32\pb.exe 2009-01-16 22:15 . 2009-02-08 04:45 202,040 --a------ c:\windows\system32\PnkBstrB.exe 2009-01-16 22:15 . 2009-01-16 22:15 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\system32\xfcodec.dll 2009-01-09 17:26 . 2009-02-07 04:30 <REP> d-------- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-09 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2009-02-09 18:41 --------- d-----w c:\program files\NOS 2009-02-09 10:18 --------- d-----w c:\program files\Google 2009-02-08 23:39 --------- d-----w c:\documents and settings\Larsouille\Application Data\Xfire 2009-02-08 23:24 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-08 22:01 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-08 21:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-08 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-08 07:31 --------- d-----w c:\program files\Java 2009-02-08 03:15 --------- d-----w c:\program files\Trend Micro 2009-02-08 02:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2009-02-07 07:17 --------- d-----w c:\documents and settings\Larsouille\Application Data\dvdcss 2009-02-06 19:59 --------- d-----w c:\program files\Xfire 2009-01-17 22:18 --------- d-----w c:\program files\ModernRcon 2009-01-17 22:06 22,328 ----a-w c:\documents and settings\Larsouille\Application Data\PnkBstrK.sys 2009-01-14 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-01-12 07:00 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2009-01-09 01:17 --------- d-----w c:\program files\CCleaner 2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr 2009-01-02 17:53 --------- d-----w c:\program files\Frets on Fire 2009-01-02 17:46 --------- d-----w c:\program files\CDBurnerXP 2008-12-30 00:36 682,280 ----a-w c:\windows\system32\pbsvc.exe 2008-12-30 00:21 --------- d-----w c:\program files\Activision 2008-12-25 20:06 --------- d-----w c:\documents and settings\Larsouille\Application 
Data\fretsonfire 2008-12-25 10:41 --------- d-----w c:\program files\Bonjour 2008-12-17 17:10 --------- d-----w c:\program files\Microsoft 2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll 2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys 2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll 2008-11-12 09:10 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-02-05 09:08 702,464 ----a-w c:\program files\mozilla firefox\components\35d0be18-32db-a26d-915e-fb48eb91da71.dll 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll 2008-08-23 21:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082320080824\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "RocketDock"="c:\documents and settings\Larsouille\RocketDock\RocketDock.exe" [2007-09-02 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304] "EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 98304] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "WinSys2"="c:\windows\system32\winsys2.exe" [2008-07-03 208896] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-04-13 c:\windows\RTHDCPL.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar] -ra------ 2005-05-20 15:32 278528 c:\program files\ZTE Corporation\ZXDSL852\CnxDslTb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-05-16 19:31 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager] --a------ 2007-09-25 19:10 102400 c:\program files\Orange\SessionManager\SessionManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS] --a------ 2007-09-25 20:08 94208 c:\program files\Orange\Systray\SystrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-04-12 09:10 65536 c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-16 19:31 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "aawservice"=2 (0x2) "iPod Service"=3 (0x3) "gusvc"=3 (0x3) "Fax"=3 (0x3) "Bonjour Service"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"= "c:\\Program Files\\Teamspeak2_RC2 CLIENT\\TeamSpeak.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\Metin2_France\\metin2.bin"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program Files\\WBGames\\Monolith Productions\\F.E.A.R. 
2 SP Demo\\FEAR2SPDemo.exe"= "c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10231:TCP"= 10231:TCP:BitComet 10231 TCP "10231:UDP"= 10231:UDP:BitComet 10231 UDP "45191:TCP"= 45191:TCP:Utorrent "45191:UDP"= 45191:UDP:Utorrent "8767:TCP"= 8767:TCP:TS Serveur "8767:UDP"= 8767:UDP:TS Serveur R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-10-30 59904] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064] R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2005-01-02 449920] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2007-10-28 131072] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2007-10-28 618112] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [2007-10-28 52736] S3 DCamUSBSTK02H;STK02H Camera;c:\windows\system32\DRIVERS\STK02HW2.sys --> c:\windows\system32\DRIVERS\STK02HW2.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752] S3 MSIGreenPower;MSIGreenPower;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\Green Power Center\NTGLM7X.sys [?] S3 MSIGreenPowerRushTop;MSIGreenPowerRushTop;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\RushTop.sys --> c:\program files\MSI\DualCoreCenter\Green Power Center\RushTop.sys [?] S3 RushTopDevice_J;RushTopDevice_J;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\RushJ.sys --> c:\program files\MSI\DualCoreCenter\Green Power Center\RushJ.sys [?] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?] 
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - ENTDRV51 *NewlyCreated* - IPOD_SERVICE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b71ed76-dcb1-11dc-b4e3-00d0d08d71b9}] \Shell\AutoRun\command - wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfdf3d52-a668-11dc-b468-00d0d08d71b9}] \Shell\AutoRun\command - L:\CarryItEasy.exe /AUTORUN \Shell\configure\command - L:\CarryItEasy.exe \Shell\install\command - L:\CarryItEasy.exe . Contenu du dossier 'Tâches planifiées' 2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-02-09 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDetect.exe [] . - - - - ORPHELINS SUPPRIMES - - - - Notify-AtiExtEvent - (no file) MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe MSConfigStartUp-Orange Desktop Search - c:\program files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe . ------- Examen supplémentaire ------- . 
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop uStart Page = hxxp://www.wanadoo.fr mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop mWindow Title = uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: orange.fr\www TCP: {9207F01E-8F1C-4922-86E1-573BA9522D17} = 80.10.246.2,80.10.246.129 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\ FF - prefs.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Yoog Search FF - prefs.js: keyword.URL - hxxp://www6.yoog.com/search.php?q= FF - component: c:\program files\Mozilla Firefox\components\35d0be18-32db-a26d-915e-fb48eb91da71.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.proxy.type - 0 FF - user.js: browser.shell.checkDefaultBrowser - false FF - user.js: google.toolbar.linkdoctor.enabled - false FF - user.js: browser.search.defaultenginename - Yoog Search FF - user.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q= FF - user.js: browser.search.selectedEngine - Yoog Search FF - user.js: keyword.URL - hxxp://www6.yoog.com/search.php?q= FF - user.js: keyword.enabled - true . 
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 21:23:06
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1931622177-1426763710-2230002237-1010\Software\SecuROM\License information*]
"datasecu"=hex:d2,c2,e1,60,f7,e5,ce,75,d3,24,6d,aa,ff,81,64,9a,ca,e3,50,8a,a6,
   9c,0f,7c,02,c6,3d,de,04,08,41,ad,58,6a,96,20,02,4e,29,88,bd,cb,6f,89,26,c5,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\EntApi.dll
.
Heure de fin: 2009-02-09 21:25:34
ComboFix-quarantined-files.txt 2009-02-09 20:25:31

Avant-CF: 127 752 302 592 octets libres
Après-CF: 127,749,591,040 octets libres

Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=,1,2,3,4
268 --- E O F --- 2009-01-14 21:46:39

A second log, "catchme.log", appeared on the desktop, saying that it scanned the hidden files and that no threat was found; I think it is of no use to you...
-
[Solved] Misalignment in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
Good evening. No, no, no, what I'm saying is that in safe mode I remove the files, I don't even test Mozilla, and I go straight back to normal mode. Then in normal mode I check whether the files have come back (they haven't), so I launch Mozilla and whoosh... they're all there, the whole family! I'm explaining again for the sake of clarity; I have no idea whether that's what you had already understood. As for VirusScan, it has been installed on the machine for ages and I never had this kind of problem before...
-
[Solved] Misalignment in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
No, actually I was wrong, I was thinking of this file: C:\Documents and Settings\Larsouille\Application Data\mozilla\firefox\Profiles\vk8jcjeq.Lars\searchplugins\Yoog Search.xml, not the Mozilla preferences... I made you a .rar archive, I think that's just as good. It's reaaaaady!

EDIT: A small piece of information that may matter: I booted into safe boot (through msconfig), removed the lines and the file, and, miracle, when I restart in normal mode there is nothing left, until I launch FF... So they are back, but maybe "the source" is in C:...\Program Files\Mozilla? (Just a suggestion, eh; I also love poking around in my PC to find out what's wrong, until I'm out of my depth.)
-
[Solved] Misalignment in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
I'll answer your questions first and post the log second. So, no, I don't have that installation file at all, which is the point of my question. I don't browse pornography sites or game crack sites, because I know very well that even if some of them pose no threat, others can damage the machine very quickly... Hence my question: is it possible for a file I didn't download, like the update my father downloaded, to end up in My Documents (mine)? Because in My Documents I found the update for my father's model aircraft gear as well as 2 other files: Setup and MysweetSetup (I don't remember the last one very well). In fact, not knowing what this Setup was, I double-clicked it, just to see the publisher, and I immediately saw an installer with nice X-rated pictures. Since I couldn't stop the installation, I switched off my PC with the power button, it's quicker, I was too scared. So after the reboot, I deleted the "FreeHotBabesScreensaver" screensaver and the two Setup files. I can still try to recover them with software available on the net; apparently some of it is very effective. I think I've said everything; if I've forgotten something in the story I'll let you know.
Here is the Mbam log:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1739
Windows 5.1.2600 Service Pack 3

08/02/2009 23:27:04
mbam-log-2009-02-08 (23-27-04).txt

Type de recherche: Examen rapide
Eléments examinés: 76678
Temps écoulé: 22 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Can I try to manually delete the file C:\Documents and Settings\Larsouille\Application Data\mozilla\firefox\Profiles\vk8jcjeq.Lars\prefs.js and replace these lines of code in safe mode?

browser.search.defaultenginename : "Yoog Search"
browser.search.defaulturl : "http://www6.yoog.com/search.php?q="
browser.search.selectedEngine : "Yoog Search"
keyword.URL : "http://www6.yoog.com/search.php?q="
-
[Solved] Misalignment in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
Here is the first one: info.txt, logfile of random's system information tool 1.05, 2009-02-08 22:23:16
Record Number: 1 Source Name: SecurityCenter Time Written: 20081210221037.000000+060 Event Type: Informations User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------

Here is the second one:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Larsouille at 2009-02-08 22:23:06
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 121 GB (52%) free of 232 GB
Total RAM: 1022 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:14, on 08/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network
Associates\VirusScan\vstskmgr.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\HP\KBD\KBD.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\ALCMTR.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Larsouille\RocketDock\RocketDock.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Documents and Settings\Larsouille\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Larsouille.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers 
communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600" O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - 
HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Documents and Settings\Larsouille\RocketDock\RocketDock.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: 
Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/geoservices/mg65ctrl_wi..._activex_ie.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9207F01E-8F1C-4922-86E1-573BA9522D17}: NameServer = 80.10.246.2,80.10.246.129 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. 
- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 8899 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Symantec NetDetect.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-12-02 73040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-08 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-08 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-08 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440] "PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304] "EPSON Stylus CX6600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE [2004-03-01 98304] "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 98304] "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472] "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] "nwiz"=nwiz.exe /install [] "WinSys2"=C:\WINDOWS\system32\winsys2.exe [2008-07-03 208896] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-04-13 14156800] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-04-12 65536] "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-08 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "RocketDock"=C:\Documents and Settings\Larsouille\RocketDock\RocketDock.exe [2007-09-02 495616] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] C:\WINDOWS\ALCMTR.EXE [2005-04-12 65536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar] c:\program files\zte corporation\zxdsl852\CnxDslTb.exe [2005-05-20 278528] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orange Desktop Search] C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe /tray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS] C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "aawservice"=2 "iPod Service"=3 "gusvc"=3 "Fax"=3 "Bonjour Service"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®" "C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC" 
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server" "C:\Program Files\Teamspeak2_RC2 CLIENT\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2 CLIENT\TeamSpeak.exe:*:Enabled:TeamSpeak.exe" "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire" "C:\Program Files\Metin2_France\metin2.bin"="C:\Program Files\Metin2_France\metin2.bin:*:Enabled:metin2" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare " "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix" "C:\Program Files\Call of Duty - World at War Beta\CoDWaWbeta.exe"="C:\Program Files\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty®: World at War Multiplayer" "C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 
2\bin\FC2Editor.exe:*:Enabled:Editeur" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Disabled:Far Cry 2" "C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Disabled:Far Cry 2 Updater" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Documents and Settings\Larsouille\Bureau\fallout_3_demo_technique_van_buren\F3.exe"="C:\Documents and Settings\Larsouille\Bureau\fallout_3_demo_technique_van_buren\F3.exe:*:Enabled:F3" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\WBGames\Monolith Productions\F.E.A.R. 2 SP Demo\FEAR2SPDemo.exe"="C:\Program Files\WBGames\Monolith Productions\F.E.A.R. 
2 SP Demo\FEAR2SPDemo.exe:*:Enabled:FEAR2SPDemo.exe" "C:\Program Files\Sierra\FEAR\FEAR.exe"="C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b71ed76-dcb1-11dc-b4e3-00d0d08d71b9}] shell\AutoRun\command - wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfdf3d52-a668-11dc-b468-00d0d08d71b9}] shell\AutoRun\command - L:\CarryItEasy.exe /AUTORUN shell\configure\command - L:\CarryItEasy.exe shell\install\command - L:\CarryItEasy.exe ======List of files/folders created in the last 1 months====== 2009-02-08 22:23:06 ----D---- C:\rsit 2009-02-08 09:51:34 ----A---- C:\Rapport-FS.txt 2009-02-08 09:47:43 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-08 08:31:31 ----A---- C:\WINDOWS\system32\javaws.exe 2009-02-08 08:31:31 ----A---- C:\WINDOWS\system32\javaw.exe 2009-02-08 08:31:31 ----A---- C:\WINDOWS\system32\java.exe 2009-02-08 08:31:31 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-02-08 03:38:10 ----A---- C:\WINDOWS\system32\bfc42l.dll 2009-02-08 03:38:03 ----A---- C:\WINDOWS\system32\bmdjlsiqbck.dll-uninst.exe 2009-02-08 03:38:01 ----A---- C:\WINDOWS\system32\nnsfhcenhg.exe 2009-02-08 03:38:00 ----A---- C:\WINDOWS\system32\ebd22e5f-88fe-3b29-9c46-deda3c5df6a4.exe 2009-02-08 00:34:28 ----D---- C:\Program Files\Sierra 2009-02-07 05:34:06 ----D---- C:\Program 
Files\WBGames 2009-02-07 05:06:48 ----D---- C:\Documents and Settings\Larsouille\Application Data\vlc 2009-02-06 23:15:14 ----A---- C:\WINDOWS\system32\bmdjlsiqbck.dll 2009-02-05 10:08:42 ----A---- C:\WINDOWS\system32\nsoF7.dll 2009-02-04 20:56:53 ----D---- C:\Program Files\Teamspeak2_RC2 2009-01-29 13:24:38 ----D---- C:\Documents and Settings\Larsouille\Application Data\Canneverbe_Limited 2009-01-29 01:00:54 ----D---- C:\Documents and Settings\Larsouille\Application Data\Download Manager 2009-01-25 03:27:23 ----D---- C:\WINDOWS\65F1CF6331E0450B96F34A88BE7361A6.TMP 2009-01-23 21:41:38 ----A---- C:\WINDOWS\system32\iyvpbsmszjc.dll 2009-01-16 22:15:42 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2009-01-16 22:15:40 ----A---- C:\WINDOWS\system32\PnkBstrA.exe 2009-01-16 22:15:11 ----A---- C:\WINDOWS\system32\pb.exe 2009-01-15 09:37:02 ----A---- C:\WINDOWS\system32\xfcodec.dll 2009-01-14 01:21:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-01-09 17:26:46 ----D---- C:\WINDOWS\system32\Adobe ======List of files/folders modified in the last 1 months====== 2009-02-08 22:22:21 ----D---- C:\Program Files\Mozilla Firefox 2009-02-08 22:18:20 ----D---- C:\WINDOWS\Prefetch 2009-02-08 22:18:19 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-02-08 22:18:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-08 22:17:36 ----SHD---- C:\WINDOWS\Installer 2009-02-08 22:17:05 ----D---- C:\Program Files 2009-02-08 21:02:07 ----D---- C:\WINDOWS\system32\Lang 2009-02-08 21:02:04 ----D---- C:\WINDOWS\Temp 2009-02-08 09:48:12 ----D---- C:\WINDOWS 2009-02-08 09:46:31 ----RASH---- C:\boot.ini 2009-02-08 09:46:31 ----A---- C:\WINDOWS\win.ini 2009-02-08 09:46:31 ----A---- C:\WINDOWS\system.ini 2009-02-08 08:37:37 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-08 08:31:31 ----D---- C:\WINDOWS\system32 2009-02-08 08:31:06 ----D---- C:\Program Files\Java 2009-02-08 06:21:49 ----D---- C:\WINDOWS\system32\FxsTmp 2009-02-08 04:32:19 ----D---- 
*Once again, thank you for your patience...* -
[Solved] Misalignment in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
Yes, I have Virus Scan, and no, I still have the good old useless Windows firewall. -
Good evening, you didn't put in any filters? I think you need one on every phone socket, don't you?
-
[Solved] Misalignment in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
No, same problem; no issue as far as loading goes, it's still this misalignment... -
[Solved] Misalignment in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
Yes, I disabled FoxTab (not uninstalled, just disabled) and I still have the same problem. As additional info, my father has the same issue, yet I looked in his profile and the lines of code are not in the prefs.js file, but he also has the file: searchplugins\Yoog Search.xml. In case that helps you track down the beast.... And I would have been surprised if the problem came from FoxTab, since I downloaded it from the official Mozilla site... Thanks, and well done for your patience -
[Solved] Misalignment in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
It's done. And it's still there; I did exactly what you told me. And I restarted FF, which had the same problem. So I checked the same places and everything had come back. I like it when a piece of junk puts up a fight, otherwise it's not much fun... Since I know where it is, maybe I can try the same procedure in safe mode? (I won't do it without your go-ahead.) (I still have other questions, which I note down as I think of them; I'll ask you by PM or right at the end... Some are related, others not.) -
[Solved] Misalignment in the Firefox window
Larsouille replied to a topic by Larsouille in Malware analysis and removal
Oh yes. "Yell at", no, let's stay polite, let's say lecture instead. While I'm at it, let me ask you this: is it possible for a file downloaded, by my father for example, to end up in My Documents (mine)? Because I know he downloaded an update (a real one) for a FlyCam (he's a model aircraft enthusiast...) and I found that update in My Documents, my own... Here is the report:

FoxScan Version 1.0.5
Ecrit par Loup blanc - Zebulon.fr
Scan lancé le 08/02/2009 à 9:51:34,46
Microsoft Windows XP [version 5.1.2600] Service Pack 3
Mozilla Firefox version : 3.0.6 (fr)
Dossier d'installation : C:\Program Files\Mozilla Firefox
Profil : default
Dossier du profil : C:\Documents and Settings\Larsouille\Application Data\mozilla\firefox\Profiles\b1ymclww.default\
Profil : Lars
Dossier du profil : C:\Documents and Settings\Larsouille\Application Data\mozilla\firefox\Profiles\vk8jcjeq.Lars\
------------------------------------------------------
//////////// Modules complémentaires \\\\\\\\\\\\\
======= Profil : default =======
La notification d'installation des modules complémentaires est activée
//////////// Modules complémentaires \\\\\\\\\\\\\
======= Profil : Lars =======
La notification d'installation des modules complémentaires est activée
Nom : FoxTab
Etat : Activé
Dossier : C:\Documents and Settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
Nom : Java Console
Etat : Activé
Dossier : C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Nom : Java Quick Starter
Etat : Activé
Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff
Nom : Aero Fox
Etat : Activé
Dossier : C:\Documents and Settings\Larsouille\Application Data\Mozilla\Firefox\Profiles\vk8jcjeq.Lars\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
Nom : Default
Etat : Activé
Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
Nom : Ma-config.com
Etat : Désactivé
------------------------------------------------------
//////////// Plugins de recherche \\\\\\\\\\\\\
======= Profil : default =======
Recherche dans "perfs.js" :
browser.search.defaultenginename : ""
browser.search.defaulturl : ""
browser.search.selectedEngine : ""
keyword.URL : ""
--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur
C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
template="http://www.amazon.fr/exec/obidos/external-search/">
C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
template="http://rover.ebay.com/rover/1/709-47295-17703-3/4">
C:\Program Files\Mozilla Firefox\searchplugins\google.xml
template="http://www.google.com/search">
C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
template="http://www.dictionnaire-mediadico.com/dictionnaires.asp">
C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
template="http://fr.wikipedia.org/wiki/Special:Recherche">
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
template="http://fr.search.yahoo.com/search">
//////////// Plugins de recherche \\\\\\\\\\\\\
======= Profil : Lars =======
Recherche dans "perfs.js" :
browser.search.defaultenginename : "Yoog Search"
browser.search.defaulturl : "http://www6.yoog.com/search.php?q="
browser.search.selectedEngine : "Yoog Search"
keyword.URL : "http://www6.yoog.com/search.php?q="
--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur
C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
template="http://www.amazon.fr/exec/obidos/external-search/">
C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
template="http://rover.ebay.com/rover/1/709-47295-17703-3/4">
C:\Program Files\Mozilla Firefox\searchplugins\google.xml
template="http://www.google.com/search">
C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
template="http://www.dictionnaire-mediadico.com/dictionnaires.asp">
C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
template="http://fr.wikipedia.org/wiki/Special:Recherche">
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
template="http://fr.search.yahoo.com/search">
C:\Documents and Settings\Larsouille\Application Data\mozilla\firefox\Profiles\vk8jcjeq.Lars\searchplugins\Yoog Search.xml
------------------------------------------------------
//////////// DLL présentes dans C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\
35d0be18-32db-a26d-915e-fb48eb91da71.dll
bmdjlsiqbck.dll
browserdirprovider.dll
brwsrcmp.dll
------------------------------------------------------
//////////// Plugins configurés dans la Base de registre \\\\\\\\\\\\\
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe® Flash® Player 10"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/ShockwavePlayer]
"Description"="Adobe Shockwave Player"
"Vendor"="Adobe Systems Inc"
"Path"="C:\WINDOWS\system32\Adobe\Director\np32dsw.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=]
"Description"="Module iTunes Detector"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=1.0]
"Vendor"="Apple Inc."
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"="DivX Web Player"
"Vendor"="DivX,Inc."
"Path"="C:\Program Files\DivX\DivX Web Player\npdivx32.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@google.com/npPicasa3,version=3.0.0]
"Description"="Picasa3 plugin"
"Vendor"="Google, Inc."
"Path"="C:\Documents and Settings\Didier\Mes documents\Google\Picasa3\npPicasa3.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection]
"Description"="Détection de sa configuration"
"Vendor"="CybelSoft"
"Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5]
"Description"="Windows Presentation Foundation plug-in for Mozilla browsers"
"Vendor"="Microsoft Corp."
"Path"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=6.0.11.2571]
"Description"="RealMedia Plugin"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=6.0.12.1739]
"Description"="RealPlayer Version Plugin"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=]
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@videolan.org/vlc,version=0.9.8a]
"Description"="VLC Multimedia Plugin"
"Vendor"="VideoLAN"
"Path"="C:\Program Files\VideoLAN\VLC\npvlc.dll"
[HKEY_CURRENT_USER\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe Flash Player 9.0"
"Vendor"="Adobe Systems Inc."
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"
------------------------------------------------------
//////////// Recherche additionnelles pour les infections Goored, YoogSearch... \\\\\\\\\\\\\
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
------------------ Fin du rapport ------------------

I also like to pick through my HijackThis reports (I'm a beginner ^^) and I suspect the threat comes from here:
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
Am I right? Thanks for replying so quickly! Note: I added a Firefox plugin that blocks scripts; with this plugin I have no problem... -
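The check that the FoxScan report above runs on the four search preferences and on the profile's searchplugins folder, written out as an added example (not part of the original posts and not FoxScan's own code). The prefs.js samples are constructed from the values shown in the report, the trusted hosts are those of the plugin templates it lists, and the trusted engine names are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# The four preferences the report looks up in prefs.js.
SEARCH_PREFS = ("browser.search.defaultenginename", "browser.search.defaulturl",
                "browser.search.selectedEngine", "keyword.URL")
# Hosts of the templates of the plugins in the install folder (from the report).
TRUSTED_HOSTS = {"www.amazon.fr", "rover.ebay.com", "www.google.com",
                 "www.dictionnaire-mediadico.com", "fr.wikipedia.org",
                 "fr.search.yahoo.com"}
# Assumption: display names of the engines this installation is expected to use.
TRUSTED_ENGINES = {"Google", "Yahoo", "Wikipedia (fr)"}
# Plugin files listed under the Firefox install folder in the report.
INSTALL_PLUGINS = ["amazon-france.xml", "eBay-france.xml", "google.xml",
                   "MediaDICO-fr.xml", "wikipedia-fr.xml", "yahoo-france.xml"]

PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line of a prefs.js."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments and blank lines
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, integers, true/false
        except ValueError:
            prefs[name] = raw  # keep anything unusual verbatim
    return prefs


def audit_search_prefs(prefs):
    """List (pref, value, reason) for search prefs pointing outside the allowlists."""
    findings = []
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if not value:  # unset or empty, as in the clean "default" profile
            continue
        if not isinstance(value, str):
            findings.append((name, value, "unexpected type"))
        elif name.lower().endswith("url"):
            host = (urlsplit(value).hostname or "").lower()
            if host not in TRUSTED_HOSTS:
                findings.append((name, value, "untrusted host " + host))
        elif value not in TRUSTED_ENGINES:
            findings.append((name, value, "unknown engine name"))
    return findings


def extra_search_plugins(profile_files, install_files=INSTALL_PLUGINS):
    """Plugin files present in the profile but not shipped in the install folder."""
    shipped = {name.lower() for name in install_files}
    return [name for name in profile_files if name.lower() not in shipped]


# Constructed samples: the "Lars" profile values from the report, and a clean one.
HIJACKED_PREFS = '''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("browser.search.defaulturl", "http://www6.yoog.com/search.php?q=");
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www6.yoog.com/search.php?q=");
user_pref("browser.startup.page", 1);
'''
CLEAN_PREFS = 'user_pref("browser.search.selectedEngine", "Google");\n'

if __name__ == "__main__":
    for finding in audit_search_prefs(parse_prefs(HIJACKED_PREFS)):
        print(finding)
    print(extra_search_plugins(["Yoog Search.xml"]))
```

Running the same audit on every profile of the machine matters here: the father's profile had no prefs.js entries but still carried the searchplugins file.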
[Solved] Misalignment in the Firefox window
Larsouille posted a topic in Malware analysis and removal
Hello everyone, here is my problem: I have a misalignment in Firefox. I launch it and all is well, Google appears nicely centred, I run a search and crash! Everything shifts; proof in pictures: HERE OR THERE. And when I click on the link I was looking for, everything goes back to normal. Firefox isn't even any slower. Just 1 hour before all this, I ran a scan to delete some, let's say, dubious files coming from I-know-very-well-where-but-if-I-say-it-I-risk-getting-yelled-at... Let's not take that risk. So I had run a Malwarebytes scan, Spybot, CCleaner and a quick HijackThis for good measure. So everything is clean, or appears to be... What's your opinion on the matter? -
Sorry, I didn't have time to reply earlier. Anyway, this morning, caught up in a fit of "I'm taking everything apart!", I took everything apart. I removed the unnecessary length of phone cable (about 4-5 metres of wire, coiled up, hello losses...) and reconnected everything. It didn't work at all at first but it started working again afterwards.. I tamed that Livebox, it's not so cocky now, and at last I have 18M. I tested all this by downloading like a madman, demos, mind you... on jeuxvideos.com because they have very good servers. 3 files of different sizes: 900 KB/s (more or less). Only the 4th was at 140-150 KB/s, but I tell myself that's because it's a new demo on their site. (So there are a lot more people drawing on the server...) So I'm satisfied and I'm going to mark this topic as [Solved] ^^ EDIT: let me post the possible solution anyway, in case it helps someone else. In fact, after an hour I must have had 18M following my change. But what they don't tell you is that you have to reboot (restart) the Box. It then does its sync and other tests, and there you go! Thanks again to you all for the help, of course!
-
Tell me, what is 4/10 phone cable? = 4mm and 10 strands? Well, the guy told me 2 weeks at most. But my Livebox restarted, so I dug around in the settings and it tells me I have a rate of 18M. -->
Débit montant 1020 Kb/s (Intlv[LP0])
Débit descendant 22920 Kb/s (Intlv[LP0])
At least that's what I deduce, because before (yes, I like poking around in my LB...) the figures were much smaller than that.
-
There are no more capacitors on the sockets. And I don't think I have a way to test my line directly at the point of entry. Unless I borrow a friend's laptop for an hour or two. I think it's either the extension cable that's poor quality and adds losses, or I don't fully have 18M yet, so I just have to wait...