Interprétation log Hijacktis

[Benhhur]

Bonjour à tous,

 

Mon Pc portable (Vista familial, Firefox) a été infecté par Koobface, un virus qui sevit sur faceBook.

En cherchant un peu j ai DL ComboFix et je viens maintenant solliciter votre expertise sur le rapport Log que l'analyse a généré...

En espérant que vous pourrez m'aider..

 

Voila le log (un peu long désolé..):

 

ComboFix 10-02-12.01 - Ben 15/02/2010 14:04:30.1.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1298 [GMT 0:00]

Lancé depuis: c:\users\Ben\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1229 [VPS 081210-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1229 [VPS 081210-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1156096930-2836191889-3919688664-500

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-3231033161-2971845996-1313068391-1001

c:\$recycle.bin\S-1-5-21-3231033161-2971845996-1313068391-1002

c:\$recycle.bin\S-1-5-21-3231033161-2971845996-1313068391-500

c:\windows\010112010146114101.xxe

c:\windows\01011201014650115.xxe

c:\windows\0101120101465448.xxe

c:\windows\fdgg34353edfgdfdf

c:\windows\system32\stacsv.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-15 au 2010-02-15 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-15 14:17 . 2010-02-15 14:17 -------- d-----w- c:\users\Ben\AppData\Local\temp

2010-02-15 14:17 . 2010-02-15 14:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-14 15:37 . 2010-02-14 15:37 24576 ---ha-w- C:\SZKGFS.dat

2010-02-14 15:36 . 2010-02-14 15:36 -------- d-----w- c:\programdata\SITEguard

2010-02-14 15:33 . 2010-02-14 15:33 -------- d-----w- c:\program files\Common Files\iS3

2010-02-14 15:33 . 2010-02-14 18:53 -------- d-----w- c:\programdata\STOPzilla!

2010-02-14 13:46 . 2010-02-14 13:46 32768 ----a-w- c:\windows\system32\drivers\oko6.sys

2010-02-14 13:46 . 2010-02-14 13:46 102400 ----a-w- c:\windows\system32\oko6.dll

2010-02-14 13:45 . 2010-02-14 13:45 1 ----a-w- c:\windows\conf21113.dat

2010-02-12 14:25 . 2010-02-12 14:25 -------- d-----w- c:\program files\iPod

2010-02-12 14:25 . 2010-02-12 14:26 -------- d-----w- c:\program files\iTunes

2010-02-12 14:19 . 2010-02-12 14:19 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-02-03 19:22 . 2010-02-03 19:22 -------- d-----w- c:\program files\Logitech Touch Mouse Server

2010-01-17 21:08 . 2010-02-15 13:50 -------- d-----w- c:\users\Ben\AppData\Roaming\vlc

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-14 16:41 . 2006-11-02 15:48 669566 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-14 16:41 . 2006-11-02 15:48 123556 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-14 16:35 . 2010-02-14 16:35 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-02-14 16:07 . 2007-05-19 19:38 836 ----a-w- c:\windows\bthservsdp.dat

2010-02-13 21:12 . 2009-10-22 18:52 -------- d-----w- c:\users\Ben\AppData\Roaming\Skype

2010-02-13 20:21 . 2009-10-22 18:58 -------- d-----w- c:\users\Ben\AppData\Roaming\skypePM

2010-02-12 15:43 . 2008-03-30 20:51 -------- d-----w- c:\users\Ben\AppData\Roaming\uTorrent

2010-02-12 14:25 . 2008-11-10 21:34 -------- d-----w- c:\program files\Common Files\Apple

2010-02-11 03:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-02-03 12:37 . 2007-05-27 12:33 49009 ----a-w- c:\users\Ben\AppData\Roaming\nvModes.dat

2010-02-02 01:37 . 2009-10-20 22:38 -------- d-----w- c:\users\Ben\AppData\Roaming\dvdcss

2010-01-29 12:16 . 2009-09-23 12:04 -------- d-----w- c:\program files\QuickTime

2010-01-16 13:50 . 2010-01-16 13:50 -------- d-----w- c:\program files\Veetle

2010-01-14 11:12 . 2009-10-03 10:59 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-04 18:51 . 2010-01-04 18:51 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-28 12:35 . 2010-02-10 13:11 11776 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-28 12:35 . 2010-02-10 13:11 1314816 ----a-w- c:\windows\system32\quartz.dll

2009-12-28 12:32 . 2010-02-10 13:11 22528 ----a-w- c:\windows\system32\msyuv.dll

2009-12-28 12:32 . 2010-02-10 13:11 31744 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-28 12:32 . 2010-02-10 13:11 123904 ----a-w- c:\windows\system32\msvfw32.dll

2009-12-28 12:32 . 2010-02-10 13:11 13312 ----a-w- c:\windows\system32\msrle32.dll

2009-12-28 12:31 . 2010-02-10 13:11 82944 ----a-w- c:\windows\system32\mciavi32.dll

2009-12-28 12:31 . 2010-02-10 13:11 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2009-12-28 12:28 . 2010-02-10 13:11 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-12-28 12:28 . 2010-02-10 13:11 65024 ----a-w- c:\windows\system32\avicap32.dll

2009-12-18 13:05 . 2010-01-21 23:20 833024 ----a-w- c:\windows\system32\wininet.dll

2009-12-18 13:01 . 2010-01-21 23:20 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-12-18 10:14 . 2010-01-21 23:20 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-11 12:07 . 2010-02-10 13:11 301568 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-11 12:07 . 2010-02-10 13:11 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys

2009-12-11 10:37 . 2007-05-27 12:29 76944 ----a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-08 20:52 . 2010-02-10 13:11 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-12-08 20:52 . 2010-02-10 13:11 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-08 20:52 . 2010-02-10 13:11 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-04 16:12 . 2010-02-10 13:11 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2009-12-04 16:12 . 2010-02-10 13:11 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-12-04 10:03 . 2009-12-04 10:03 251376 ----a-w- c:\users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

2009-11-24 23:54 . 2008-09-11 00:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-24 23:49 . 2008-09-11 00:31 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-24 23:48 . 2008-09-11 00:31 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-24 23:47 . 2008-09-11 00:31 97480 ----a-w- c:\windows\system32\AvastSS.scr

2007-05-20 03:30 . 2007-05-20 03:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]

"Google Update"="c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-11 135664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Pinnacle Streaming Server.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Pinnacle Streaming Server.lnk

backup=c:\windows\pss\Pinnacle Streaming Server.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

backup=c:\windows\pss\QuickSet.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-11-12 01:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2006-11-17 21:13 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]

2005-02-08 02:00 98304 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIACE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2007-05-19 20:17 240640 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2006-10-13 10:31 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]

2008-01-24 15:45 644368 ----a-w- c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 10:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-05-19 19:52 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-06-20 12:29 185784 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2009-05-19 23:26 3561720 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2007-05-14 22:22 35328 ----a-w- c:\program files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]

2007-01-24 11:21 563080 ----a-w- c:\windows\WindowsMobile\wmdc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11/09/2008 00:31 114768]

R1 oko6;oko6;c:\windows\System32\drivers\oko6.sys [14/02/2010 13:46 32768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11/09/2008 00:31 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11/09/2008 00:30 53328]

R2 okosrv;okosrv;c:\windows\sYSteM32\SvchOst.eXE -k okogrp [30/09/2008 00:17 21504]

S3 MODRC;DiBcom Infrared Receiver;c:\windows\System32\drivers\modrc.sys [03/01/2009 17:48 13824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

okogrp REG_MULTI_SZ okosrv

.

Contenu du dossier 'Tâches planifiées'

 

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231033161-2971845996-1313068391-1000Core.job

- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-11 17:33]

 

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231033161-2971845996-1313068391-1000UA.job

- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-11 17:33]

 

2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{E08CB09D-DA0C-45B5-AF7E-F8BE2ACC29EC}.job

- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://home.neuf.fr/

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\rieuroi0.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\users\Ben\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-PMCRemote - (no file)

MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe

MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-15 14:17

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Heure de fin: 2010-02-15 14:22:55

ComboFix-quarantined-files.txt 2010-02-15 14:22

 

Avant-CF: 27 002 478 592 octets libres

Après-CF: 27 826 257 920 octets libres

 

- - End Of File - - 8B879093DF3AA578CCCE621974B0AE95