Jaffiche mon rapport pour regis searchweb2

Fermé
mike -  
 Utilisateur anonyme -
ogfile of HijackThis v1.99.1
Scan saved at 19:46:47, on 02/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\WINNT\explorer.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\poum\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sxwfrbprolzjxonaujwjc.com/f_YwjYPnZe_1ByT_zxGxeRjPKpvETkjZKhKBQgiSgfpvHI_88FveqMFNFjXt2N8T.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.czhpalrrxrsuzhslxci.com/f_YwjYPnZe_Yr26oroUWXvfwv33RvLeUaZFa7_wKvMs.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {74CE87D7-69C6-6200-205D-32730F8D1C04} - C:\DOCUME~1\poum\APPLIC~1\MEOWHI~1\manager keep.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D1D8EF24-D4AF-75F1-B7E0-FD786BBDAC86} - C:\WINNT\system32\ojwsjycz.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

12 réponses

  1. Utilisateur anonyme
     
    salut
    ptin la vache, j ai jamais vu un truc pareil lol
    on va essayer de faire un peu de menage avant...

    Commence par scanner ton pc avec ces 2 anti spywares complémentaires :

    1/Spybot S&D 1.4 <<nouvelle version
    http://www.safer-networking.org/fr/index.htm

    Démo d’utilisation (merci à Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/Ad-Aware SE 1.06 <<nouvelle version
    http://www.lavasoftusa.com/software/adaware/
    -Une aide:
    http://www.tutopat.com/viewtopic.php?t=1191
    - installe le patch français, tu pourras le trouver ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    et supprime ce qu il trouve

    +

    Lance ce scan en ligne:
    http://www.bitdefender.com/scan/licence.php
    Copie/colle le rapport

    +

    Télécharge lopxp ici:

    http://cjoint.com/?kumvZSxxY4

    2) dezippe le (clic droit dessus > extraire tout)
    et lance lopxp.bat
    le bloc note va s'ouvrir, copie et colle le contenu ici

    A+

    0
  2. Utilisateur anonyme
     
    SALUT ICI,
    ben ca serait bien de mettre tous les rapports ici

    a+
    0
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    ben oué, mais sont partout ses logs
    pppffffffffffff
    0
  5. Utilisateur anonyme
     
    La, personnellement je suis perdu !! lol
    Il m a poster 3 rapports sur 3 postes differents lol
    Donc, je me repete, j aimerais 3rapports:
    -un nouvel hijack this
    -lopxp
    -et celui de bitdefender

    a+
    0
    1. mike
       
      voila regis jai mis mes 2 rappoort sauf celui de befinder jai essayer de virere searchweb2 en mode sans echec negatif as tu une solution help
      0
    2. seifer59
       
      salut regis ! moi aussi il i a search2 qui me pouri mon ordinateur il me ramen plein de pub avant sa me dérangai pa trop il me sufisait de les fermer mais la leurs site doit buger ou quoi les page sont bloquer je narive plus arien fermer je suis entrain de t'écrir avec la moitier de mon ecran masquer par cette @@@@@ alors jai fait se que tu as de mander voici mes trois raport jesper de tt coeur que tu m'aideras je suis un joueur de counter strike et malgres mon niveau c dur de killers avec une moitier d'écran merci davance!




      Logfile of HijackThis v1.99.1
      Scan saved at 21:24:09, on 01/11/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\CheckFlow\Spy Shooter\4.5.0.1\FlowService.exe
      C:\WINDOWS\System32\tcpsvcs.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Apps\Powercinema\PCMService.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\CheckFlow\Spy Shooter\FlowStarter.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Valve\Steam\Steam.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\DOCUME~1\Herry\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis_199[1].zip\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ftzocfdlthor.com/2vbqYW8kEyWmBdl8uJSN/No3U5hH9EhdkCSLMIlZeVt1po2AXbtCLhZtbBVjDmx7.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seifer59.skyblog.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*http://fr.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
      O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - C:\PROGRA~1\ZEROPO~1\HTMLEdit.dll
      O2 - BHO: (no name) - {91D94F7C-0D62-8569-9D07-40EE3F166B99} - C:\DOCUME~1\Herry\APPLIC~1\LONGCR~1\Bits Bat.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Herry\Application Data\sgrunt\IE4321.exe
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Documents and Settings\Herry\Mes documents\Downloads\Monitor.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
      O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Okay mpeg long sixth] C:\Documents and Settings\All Users\Application Data\User gpl okay mpeg\bits way.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [winmapi] C:\DOCUME~1\Herry\APPLIC~1\STOREB~1\RDRVGA.exe
      O4 - HKCU\..\Run: [Lwr4ROJ2W] vcd2gt.exe
      O4 - HKCU\..\Run: [wmir] C:\PROGRA~1\COMMON~1\wmir\wmirm.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Spy Shooter 4.5.lnk = C:\Program Files\CheckFlow\Spy Shooter\FlowStarter.exe
      O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
      O15 - Trusted Zone: www.skymasters.biz
      O15 - Trusted Zone: www.xbeta69.com
      O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
      O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
      O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
      O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41optYplkOmji/SpySpotterCabInstall.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: FlowProtectorService - Unknown owner - C:\Program Files\CheckFlow\Spy Shooter\4.5.0.1\FlowService.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


      _______________________________________________________________________________

      BitDefender Online Scanner - Real Time Virus Report



      Generated at: Tue, Nov 01, 2005 - 21:18:34


      --------------------------------------------------------------------------------





      Scan Info



      Scanned Files
      14766

      Infected Files
      0








      Virus Detected



      No virus found.











      --------------------------------------------------------------------------------



      This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.





      Rapport fait à 21:21:57,43 le 01/11/2005

      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\Documents and Settings\All Users\Application Data

      01/11/2005 20:16 <REP> Spybot - Search & Destroy
      30/07/2005 16:30 <REP> Windows Genuine Advantage
      04/07/2005 14:14 <REP> Viewpoint
      10/06/2005 02:04 <REP> InstallShield
      10/06/2005 00:42 <REP> Ulead Systems
      05/05/2005 14:33 <REP> pixelStorm
      10/04/2005 13:52 <REP> Messenger Plus!
      10/04/2005 13:51 <REP> User gpl okay mpeg
      26/03/2005 19:34 <REP> MSN6
      26/03/2005 14:12 <REP> Adobe
      22/03/2005 09:13 <REP> Symantec
      22/03/2005 08:00 <REP> QuickTime
      30/09/2002 14:00 <REP> SBSI
      30/09/2002 12:55 62 desktop.ini
      30/09/2002 12:54 <REP> Microsoft
      30/09/2002 12:54 <REP> .
      30/09/2002 12:54 <REP> ..
      1 fichier(s) 62 octets
      16 R‚p(s) 114493321216 octets libres
      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\Documents and Settings\cadet\Application Data

      05/07/2005 16:10 <REP> ShopperReports
      05/07/2005 16:09 <REP> HbTools
      28/03/2005 16:51 <REP> Macromedia
      28/03/2005 16:49 62 desktop.ini
      28/03/2005 16:49 <REP> Identities
      28/03/2005 16:49 <REP> Microsoft
      28/03/2005 16:49 <REP> Real
      28/03/2005 16:49 <REP> .
      28/03/2005 16:49 <REP> ..
      1 fichier(s) 62 octets
      8 R‚p(s) 114493308928 octets libres
      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\Documents and Settings\Default User\Application Data

      22/03/2005 08:08 <REP> Identities
      22/03/2005 08:08 <REP> Real
      30/09/2002 12:55 62 desktop.ini
      30/09/2002 12:54 <REP> Microsoft
      30/09/2002 12:54 <REP> ..
      30/09/2002 12:54 <REP> .
      1 fichier(s) 62 octets
      5 R‚p(s) 114493308928 octets libres
      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\Documents and Settings\Herry\Application Data

      01/11/2005 20:31 <REP> Lavasoft
      26/10/2005 13:33 <REP> Checkflow
      12/10/2005 11:32 <REP> Longcreative
      01/08/2005 06:39 <REP> Registry Cleaner
      10/06/2005 02:03 <REP> Jasc Software Inc
      10/06/2005 00:46 <REP> Ulead Systems
      29/05/2005 13:58 <REP> StoreByte
      11/05/2005 16:26 <REP> Sun
      21/04/2005 20:31 <REP> Shareaza
      21/04/2005 14:08 <REP> Talkback
      21/04/2005 14:08 <REP> Mozilla
      10/04/2005 13:19 <REP> Yahoo!
      05/04/2005 00:39 <REP> Help
      03/04/2005 00:20 <REP> Yahoo! Messenger
      26/03/2005 22:57 <REP> Macromedia
      26/03/2005 19:34 <REP> MSN6
      26/03/2005 14:19 <REP> AdobeUM
      26/03/2005 14:19 <REP> Adobe
      26/03/2005 13:53 <REP> Microsoft Web Folders
      22/03/2005 11:24 <REP> CyberLink
      22/03/2005 09:13 <REP> Symantec
      22/03/2005 08:08 62 desktop.ini
      22/03/2005 08:08 <REP> Identities
      22/03/2005 08:08 <REP> ..
      22/03/2005 08:08 <REP> Microsoft
      22/03/2005 08:08 <REP> Real
      22/03/2005 08:08 <REP> .
      1 fichier(s) 62 octets
      26 R‚p(s) 114493308928 octets libres
      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\Documents and Settings\HERY\Application Data

      22/03/2005 11:47 62 desktop.ini
      22/03/2005 11:47 <REP> Identities
      22/03/2005 11:47 <REP> Microsoft
      22/03/2005 11:47 <REP> ..
      22/03/2005 11:47 <REP> Real
      22/03/2005 11:47 <REP> .
      1 fichier(s) 62 octets
      5 R‚p(s) 114493304832 octets libres
      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\Documents and Settings\JULIEN\Application Data

      26/03/2005 13:41 62 desktop.ini
      26/03/2005 13:41 <REP> Identities
      26/03/2005 13:41 <REP> ..
      26/03/2005 13:41 <REP> Microsoft
      26/03/2005 13:41 <REP> Real
      26/03/2005 13:41 <REP> .
      1 fichier(s) 62 octets
      5 R‚p(s) 114493304832 octets libres
      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\Documents and Settings\LUCAS\Application Data

      27/03/2005 20:54 <REP> Macromedia
      26/03/2005 13:40 62 desktop.ini
      26/03/2005 13:40 <REP> Identities
      26/03/2005 13:40 <REP> Microsoft
      26/03/2005 13:40 <REP> ..
      26/03/2005 13:40 <REP> Real
      26/03/2005 13:40 <REP> .
      1 fichier(s) 62 octets
      6 R‚p(s) 114493304832 octets libres
      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\Documents and Settings\Propri‚taire

      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\Documents and Settings\ZAKA\Application Data

      11/04/2005 15:51 <REP> Macromedia
      11/04/2005 15:47 62 desktop.ini
      11/04/2005 15:47 <REP> Identities
      11/04/2005 15:47 <REP> ..
      11/04/2005 15:47 <REP> Microsoft
      11/04/2005 15:47 <REP> Real
      11/04/2005 15:47 <REP> .
      1 fichier(s) 62 octets
      6 R‚p(s) 114493304832 octets libres
      ******************************************
      Recherche des taches planifiées dans C:\WINDOWS\tasks

      Le volume dans le lecteur C s'appelle HDD
      Le num‚ro de s‚rie du volume est E027-9A50

      R‚pertoire de C:\WINDOWS\Tasks

      12/10/2005 11:32 260 ABB625299185D885.job
      22/03/2005 11:51 364 Symantec NetDetect.job
      30/09/2002 13:04 6 SA.DAT
      30/09/2002 13:02 <REP> ..
      30/09/2002 13:02 <REP> .
      30/09/2002 12:49 65 desktop.ini
      4 fichier(s) 695 octets
      2 R‚p(s) 114ÿ493ÿ304ÿ832 octets libres

      ******************************************
      Recherche dans Program files

      Le dossier C:\Program Files\C2Media n'existe pas

      *************** Fin du rapport ****************
      0
      1. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280 > seifer59
         
        B'soir

        Tu devrais créer ton post à TOI, car ceux qui interviennent n'y comprennent plus rien.
        Et surtout ça les énerve.
        A+
        0
      2. seifer59 > ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention  
         
        salut désoler de vous avoir mis la confusion mais c'est la premier fois que je suis obliger d'aller sur un forum pour résoudre mes problem informatique donc je ne sais meme pa c quoi un poste sur un forum regis serais t-il posible que je tenvoie mes raport par email?
        0
  6. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    COMMENT?????????????????????

    LOL
    0
  7. mike suite
     
    file of HijackThis v1.99.1
    Scan saved at 10:54:05, on 03/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINNT\System32\mnmsrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\poum\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sxwfrbprolzjxonaujwjc.com/f_YwjYPnZe_1ByT_zxGxeRjPKpvETkjZKhKBQgiSgfpvHI_88FveqMFNFjXt2N8T.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abzfgizitavpb.com/f_YwjYPnZe_Yr26oroUWXkO7vCiqHKoKaZFa7_wKvMs.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*https://fr.yahoo.com/?p=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {74CE87D7-69C6-6200-205D-32730F8D1C04} - C:\DOCUME~1\poum\APPLIC~1\MEOWHI~1\manager keep.exe (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {D1D8EF24-D4AF-75F1-B7E0-FD786BBDAC86} - C:\WINNT\system32\ojwsjycz.dll (file missing)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
    O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
    O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
    O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
    O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
    O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
    O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
    O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
    O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
    O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
    O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
    O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
    O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
    O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
    O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
    O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
    O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
    O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
    O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
    O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
    O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
    O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
    O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
    O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
    O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
    O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
    O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
    O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
    O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
    O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
    O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
    O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
    O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
    O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
    O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
    O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
    O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
    O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
    O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
    O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
    O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
    O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
    O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
    O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
    O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
    O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
    O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
    O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
    O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
    O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
    O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
    O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
    O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
    O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
    O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
    O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
    O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
    O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
    O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
    O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
    O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
    O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
    O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
    O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
    O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
    O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
    O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
    O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
    O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
    O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
    O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
    O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
    O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
    O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
    O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
    O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
    O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
    O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
    O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
    O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
    O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
    O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
    O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
    O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
    O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
    O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
    O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
    O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
    O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
    O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
    O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
    O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
    O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
    O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
    O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
    O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
    O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
    O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
    O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
    O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
    O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
    O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
    O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
    O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
    O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
    O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
    O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
    O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
    O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
    O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
    O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
    O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
    O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
    O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
    O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
    O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
    O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
    O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
    O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
    O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
    O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
    O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
    O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
    O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
    O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
    O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
    O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
    O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
    O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
    O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
    O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
    O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
    O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
    O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
    O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
    O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
    O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
    O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
    O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
    O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
    O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
    O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
    O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
    O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
    O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
    O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
    O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
    O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
    O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
    O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
    O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
    O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
    O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
    O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
    O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
    O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
    O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
    O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
    O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
    O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
    O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
    O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
    O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
    O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
    O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
    O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
    O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
    O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
    O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
    O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
    O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
    O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
    O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
    O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
    O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
    O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
    O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
    O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
    O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
    O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
    O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
    O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
    O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
    O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
    O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
    O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
    O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
    O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
    O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
    O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
    O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
    O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
    O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
    O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
    O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
    O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
    O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
    O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
    O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
    O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
    O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
    O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
    O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
    O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
    O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
    O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
    O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
    O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
    O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
    O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
    O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
    O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
    O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
    O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
    O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
    O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
    O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
    O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
    O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
    O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
    O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
    O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
    O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
    O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
    O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
    O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
    O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
    O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
    O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
    O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
    O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
    O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
    O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
    O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
    O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
    O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
    O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
    O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
    O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
    O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
    O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
    O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
    O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
    O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
    O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
    O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
    O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
    O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
    O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
    O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
    O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
    O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
    O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
    O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
    O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
    O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
    O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
    O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
    O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
    O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
    O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
    O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
    O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
    O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
    O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
    O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
    O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
    O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
    O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
    O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
    O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
    O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
    O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
    O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
    O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
    O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
    O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
    O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
    O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
    O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
    O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
    O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

    voici le apport fait à 15:49:06.38 le lun. 03/10/2005

    Le volume dans le lecteur C s'appelle mon disque dur
    Le num‚ro de s‚rie du volume est 44A3-789E

    R‚pertoire de C:\Documents and Settings\administrateur\Application Data

    22/12/2004 02:11 <DIR> Macromedia
    01/04/2003 14:46 2352 mpauth.dat
    22/06/2002 18:13 <DIR> Help
    21/06/2002 19:03 <DIR> Symantec
    31/08/2001 12:12 <DIR> Adobe
    31/08/2001 12:12 <DIR> InterTrust
    06/08/2001 18:05 <DIR> Identities
    06/08/2001 18:04 <DIR> Microsoft
    06/08/2001 18:04 <DIR> ..
    06/08/2001 18:04 <DIR> .
    05/01/1997 21:09 <DIR> {2CF0B992-5EEB-4143-99C2-5297EF71F44B}
    1 fichier(s) 2352 octets
    10 R‚p(s) 298139648 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le num‚ro de s‚rie du volume est 44A3-789E

    R‚pertoire de C:\Documents and Settings\All Users\Application Data

    28/09/2005 07:03 <DIR> Spybot - Search & Destroy
    04/04/2005 01:47 <DIR> Messenger Plus!
    04/04/2005 01:42 <DIR> Savenurbamokseek
    24/09/2002 10:20 <DIR> OLYMPUS
    24/09/2002 09:57 <DIR> QuickTime
    25/04/2002 11:43 <DIR> Symantec
    05/08/2001 17:10 <DIR> Microsoft
    05/08/2001 16:59 <DIR> ..
    05/08/2001 16:59 <DIR> .
    0 fichier(s) 0 octets
    9 R‚p(s) 298139648 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le num‚ro de s‚rie du volume est 44A3-789E

    R‚pertoire de C:\Documents and Settings\Default User\Application Data

    15/10/2003 09:14 <DIR> Symantec
    05/08/2001 16:59 <DIR> ..
    05/08/2001 16:59 <DIR> .
    05/08/2001 16:19 <DIR> Microsoft
    0 fichier(s) 0 octets
    4 R‚p(s) 298139648 octets libres
    Le volume dans le lecteur C s'appell
    0
  8. Utilisateur anonyme
     
    salut seifer
    je suis completement perdu dans ce poste a poster partout et n importe ou lol

    Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
    Procèdes comme ceci :
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    A bientôt
    0
  9. Utilisateur anonyme
     
    salut
    j aimerais bien resoudre ton soucis !!!

    Poste moi un rapport hijack this + lopxp stp
    On devrait s en sortir

    a+
    0
    1. seifer59
       
      je doit metre mon raport ala suite de se message?
      0
  10. Utilisateur anonyme
     
    salut seifer
    Procèdes comme ceci :
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    tu comprends pas comment?

    a+
    0
    1. seifer59
       
      resalut regis je te remerci du fond du coeur de mavoir acorder du temps et d'avoir u l'intention de m'aider mais un de mes contact msn a résolut mon problem de la bar bleu :enfet cette @@@@@@@ est un sponsor de msn+ et lors de linstalation de msn+ il demande si lon veut ou non bénéficier des sponsor en cochant une case .mais mon msn + a été suprimer un des 9 logiciel que g télécharger dans le but de me débarasser des pub et il a été reconu com étant un spywar alors je les retélécharger puis instaler et désinstaler et lors de la désinstalation j'ai demander quil enleve les sponsor .je suis sur que mon ordinateur est encor rempli de probleme donc je vais surement revenir tembeter encor un peu :p mais pour le moment je voulais juste me débarasser de cette bar pour pouvoir me livré a ma passion de counter strike encor merci et a+
      0
  11. Utilisateur anonyme
     
    salut,
    ben j allais te regler cela a vrai dire si t avais creer ton propre poste !

    a+
    0