I'm posting my report for regis searchweb2

Closed
mike -
Anonymous user -
Logfile of HijackThis v1.99.1
Scan saved at 19:46:47, on 02/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\WINNT\explorer.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\poum\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sxwfrbprolzjxonaujwjc.com/f_YwjYPnZe_1ByT_zxGxeRjPKpvETkjZKhKBQgiSgfpvHI_88FveqMFNFjXt2N8T.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.czhpalrrxrsuzhslxci.com/f_YwjYPnZe_Yr26oroUWXvfwv33RvLeUaZFa7_wKvMs.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {74CE87D7-69C6-6200-205D-32730F8D1C04} - C:\DOCUME~1\poum\APPLIC~1\MEOWHI~1\manager keep.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D1D8EF24-D4AF-75F1-B7E0-FD786BBDAC86} - C:\WINNT\system32\ojwsjycz.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

12 replies

Anonymous user

Hi
Holy cow, I've never seen anything like this lol
We'll try to do a bit of cleaning up first...

Start by scanning your PC with these 2 complementary anti-spyware tools:

1/ Spybot S&D 1.4 << new version
http://www.safer-networking.org/fr/index.htm

Usage demo (thanks to Balltrap34 for making it)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/ Ad-Aware SE 1.06 << new version
http://www.lavasoftusa.com/software/adaware/
- A help guide:
http://www.tutopat.com/viewtopic.php?t=1191
- install the French language patch, you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here (thanks to Moe31 for making it):
http://pageperso.aol.fr/balltrap34/adawrevid.asf

and delete what it finds

+

Run this online scan:
http://www.bitdefender.com/scan/licence.php
Copy/paste the report

+

Download lopxp here:

http://cjoint.com/?kumvZSxxY4

2) unzip it (right-click on it > Extract all)
and run lopxp.bat
Notepad will open; copy and paste its contents here

See you

Anonymous user

HI THERE,
well, it would be good to put all the reports here

see you

^^Marie^^

well yeah, but his logs are all over the place
pppffffffffffff

Anonymous user

Right now, personally, I'm lost!! lol
He posted 3 reports for me in 3 different posts lol
So, I repeat, I'd like 3 reports:
- a new HijackThis
- lopxp
- and the BitDefender one

see you

mike

There you go regis, I've posted my 2 reports, except the BitDefender one. I tried to remove searchweb2 in safe mode, no luck. Do you have a solution? Help

seifer59

Hi regis! I also have search2 messing up my computer; it brings up loads of ads. Before, it didn't bother me too much, I just had to close them, but now their site must be bugging or something: the pages are stuck and I can't close anything any more. I'm writing to you with half of my screen covered by this @@@@@. So I did what you asked; here are my three reports. I hope with all my heart that you'll help me. I'm a Counter-Strike player and, despite my level, it's hard to get kills with half a screen. Thanks in advance!




Logfile of HijackThis v1.99.1
Scan saved at 21:24:09, on 01/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CheckFlow\Spy Shooter\4.5.0.1\FlowService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\CheckFlow\Spy Shooter\FlowStarter.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Valve\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Herry\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis_199[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ftzocfdlthor.com/2vbqYW8kEyWmBdl8uJSN/No3U5hH9EhdkCSLMIlZeVt1po2AXbtCLhZtbBVjDmx7.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seifer59.skyblog.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - C:\PROGRA~1\ZEROPO~1\HTMLEdit.dll
O2 - BHO: (no name) - {91D94F7C-0D62-8569-9D07-40EE3F166B99} - C:\DOCUME~1\Herry\APPLIC~1\LONGCR~1\Bits Bat.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Herry\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Documents and Settings\Herry\Mes documents\Downloads\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Okay mpeg long sixth] C:\Documents and Settings\All Users\Application Data\User gpl okay mpeg\bits way.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [winmapi] C:\DOCUME~1\Herry\APPLIC~1\STOREB~1\RDRVGA.exe
O4 - HKCU\..\Run: [Lwr4ROJ2W] vcd2gt.exe
O4 - HKCU\..\Run: [wmir] C:\PROGRA~1\COMMON~1\wmir\wmirm.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Spy Shooter 4.5.lnk = C:\Program Files\CheckFlow\Spy Shooter\FlowStarter.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41optYplkOmji/SpySpotterCabInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FlowProtectorService - Unknown owner - C:\Program Files\CheckFlow\Spy Shooter\4.5.0.1\FlowService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


_______________________________________________________________________________

BitDefender Online Scanner - Real Time Virus Report

Generated at: Tue, Nov 01, 2005 - 21:18:34

--------------------------------------------------------------------------------

Scan Info

Scanned Files: 14766
Infected Files: 0

Virus Detected

No virus found.

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.





Rapport fait à 21:21:57,43 le 01/11/2005

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\Documents and Settings\All Users\Application Data

01/11/2005 20:16 <REP> Spybot - Search & Destroy
30/07/2005 16:30 <REP> Windows Genuine Advantage
04/07/2005 14:14 <REP> Viewpoint
10/06/2005 02:04 <REP> InstallShield
10/06/2005 00:42 <REP> Ulead Systems
05/05/2005 14:33 <REP> pixelStorm
10/04/2005 13:52 <REP> Messenger Plus!
10/04/2005 13:51 <REP> User gpl okay mpeg
26/03/2005 19:34 <REP> MSN6
26/03/2005 14:12 <REP> Adobe
22/03/2005 09:13 <REP> Symantec
22/03/2005 08:00 <REP> QuickTime
30/09/2002 14:00 <REP> SBSI
30/09/2002 12:55 62 desktop.ini
30/09/2002 12:54 <REP> Microsoft
30/09/2002 12:54 <REP> .
30/09/2002 12:54 <REP> ..
1 fichier(s) 62 octets
16 Rép(s) 114493321216 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\Documents and Settings\cadet\Application Data

05/07/2005 16:10 <REP> ShopperReports
05/07/2005 16:09 <REP> HbTools
28/03/2005 16:51 <REP> Macromedia
28/03/2005 16:49 62 desktop.ini
28/03/2005 16:49 <REP> Identities
28/03/2005 16:49 <REP> Microsoft
28/03/2005 16:49 <REP> Real
28/03/2005 16:49 <REP> .
28/03/2005 16:49 <REP> ..
1 fichier(s) 62 octets
8 Rép(s) 114493308928 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\Documents and Settings\Default User\Application Data

22/03/2005 08:08 <REP> Identities
22/03/2005 08:08 <REP> Real
30/09/2002 12:55 62 desktop.ini
30/09/2002 12:54 <REP> Microsoft
30/09/2002 12:54 <REP> ..
30/09/2002 12:54 <REP> .
1 fichier(s) 62 octets
5 Rép(s) 114493308928 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\Documents and Settings\Herry\Application Data

01/11/2005 20:31 <REP> Lavasoft
26/10/2005 13:33 <REP> Checkflow
12/10/2005 11:32 <REP> Longcreative
01/08/2005 06:39 <REP> Registry Cleaner
10/06/2005 02:03 <REP> Jasc Software Inc
10/06/2005 00:46 <REP> Ulead Systems
29/05/2005 13:58 <REP> StoreByte
11/05/2005 16:26 <REP> Sun
21/04/2005 20:31 <REP> Shareaza
21/04/2005 14:08 <REP> Talkback
21/04/2005 14:08 <REP> Mozilla
10/04/2005 13:19 <REP> Yahoo!
05/04/2005 00:39 <REP> Help
03/04/2005 00:20 <REP> Yahoo! Messenger
26/03/2005 22:57 <REP> Macromedia
26/03/2005 19:34 <REP> MSN6
26/03/2005 14:19 <REP> AdobeUM
26/03/2005 14:19 <REP> Adobe
26/03/2005 13:53 <REP> Microsoft Web Folders
22/03/2005 11:24 <REP> CyberLink
22/03/2005 09:13 <REP> Symantec
22/03/2005 08:08 62 desktop.ini
22/03/2005 08:08 <REP> Identities
22/03/2005 08:08 <REP> ..
22/03/2005 08:08 <REP> Microsoft
22/03/2005 08:08 <REP> Real
22/03/2005 08:08 <REP> .
1 fichier(s) 62 octets
26 Rép(s) 114493308928 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\Documents and Settings\HERY\Application Data

22/03/2005 11:47 62 desktop.ini
22/03/2005 11:47 <REP> Identities
22/03/2005 11:47 <REP> Microsoft
22/03/2005 11:47 <REP> ..
22/03/2005 11:47 <REP> Real
22/03/2005 11:47 <REP> .
1 fichier(s) 62 octets
5 Rép(s) 114493304832 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\Documents and Settings\JULIEN\Application Data

26/03/2005 13:41 62 desktop.ini
26/03/2005 13:41 <REP> Identities
26/03/2005 13:41 <REP> ..
26/03/2005 13:41 <REP> Microsoft
26/03/2005 13:41 <REP> Real
26/03/2005 13:41 <REP> .
1 fichier(s) 62 octets
5 Rép(s) 114493304832 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\Documents and Settings\LUCAS\Application Data

27/03/2005 20:54 <REP> Macromedia
26/03/2005 13:40 62 desktop.ini
26/03/2005 13:40 <REP> Identities
26/03/2005 13:40 <REP> Microsoft
26/03/2005 13:40 <REP> ..
26/03/2005 13:40 <REP> Real
26/03/2005 13:40 <REP> .
1 fichier(s) 62 octets
6 Rép(s) 114493304832 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\Documents and Settings\Propriétaire

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\Documents and Settings\ZAKA\Application Data

11/04/2005 15:51 <REP> Macromedia
11/04/2005 15:47 62 desktop.ini
11/04/2005 15:47 <REP> Identities
11/04/2005 15:47 <REP> ..
11/04/2005 15:47 <REP> Microsoft
11/04/2005 15:47 <REP> Real
11/04/2005 15:47 <REP> .
1 fichier(s) 62 octets
6 Rép(s) 114493304832 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est E027-9A50

Répertoire de C:\WINDOWS\Tasks

12/10/2005 11:32 260 ABB625299185D885.job
22/03/2005 11:51 364 Symantec NetDetect.job
30/09/2002 13:04 6 SA.DAT
30/09/2002 13:02 <REP> ..
30/09/2002 13:02 <REP> .
30/09/2002 12:49 65 desktop.ini
4 fichier(s) 695 octets
2 Rép(s) 114 493 304 832 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************
^^Marie^^ > seifer59
 
Evening,

You should create your OWN thread, because the people who are helping can't make sense of anything any more.
And above all, it annoys them.
See you
seifer59 > ^^Marie^^
 
Hi, sorry for causing confusion, but this is the first time I have had to go on a forum to solve my computer problems, so I don't even know what a post on a forum is. Regis, would it be possible for me to send you my reports by email?
^^Marie^^
 
WHAT?????????????????????

LOL
mike (continued)
 
file of HijackThis v1.99.1
Scan saved at 10:54:05, on 03/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\poum\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sxwfrbprolzjxonaujwjc.com/f_YwjYPnZe_1ByT_zxGxeRjPKpvETkjZKhKBQgiSgfpvHI_88FveqMFNFjXt2N8T.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abzfgizitavpb.com/f_YwjYPnZe_Yr26oroUWXkO7vCiqHKoKaZFa7_wKvMs.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {74CE87D7-69C6-6200-205D-32730F8D1C04} - C:\DOCUME~1\poum\APPLIC~1\MEOWHI~1\manager keep.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D1D8EF24-D4AF-75F1-B7E0-FD786BBDAC86} - C:\WINNT\system32\ojwsjycz.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

voici le apport fait à 15:49:06.38 le lun. 03/10/2005

Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\administrateur\Application Data

22/12/2004 02:11 <DIR> Macromedia
01/04/2003 14:46 2352 mpauth.dat
22/06/2002 18:13 <DIR> Help
21/06/2002 19:03 <DIR> Symantec
31/08/2001 12:12 <DIR> Adobe
31/08/2001 12:12 <DIR> InterTrust
06/08/2001 18:05 <DIR> Identities
06/08/2001 18:04 <DIR> Microsoft
06/08/2001 18:04 <DIR> ..
06/08/2001 18:04 <DIR> .
05/01/1997 21:09 <DIR> {2CF0B992-5EEB-4143-99C2-5297EF71F44B}
1 fichier(s) 2352 octets
10 Rép(s) 298139648 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\All Users\Application Data

28/09/2005 07:03 <DIR> Spybot - Search & Destroy
04/04/2005 01:47 <DIR> Messenger Plus!
04/04/2005 01:42 <DIR> Savenurbamokseek
24/09/2002 10:20 <DIR> OLYMPUS
24/09/2002 09:57 <DIR> QuickTime
25/04/2002 11:43 <DIR> Symantec
05/08/2001 17:10 <DIR> Microsoft
05/08/2001 16:59 <DIR> ..
05/08/2001 16:59 <DIR> .
0 fichier(s) 0 octets
9 Rép(s) 298139648 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\Default User\Application Data

15/10/2003 09:14 <DIR> Symantec
05/08/2001 16:59 <DIR> ..
05/08/2001 16:59 <DIR> .
05/08/2001 16:19 <DIR> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 298139648 octets libres
Le volume dans le lecteur C s'appell
0
Anonymous user
 
Hi seifer,
I'm completely lost in this thread, with people posting everywhere and anywhere, lol.

It would be better if you created your own thread; that will make the posts easier to follow and the answer to your problem will be more effective.
Proceed like this:
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

See you soon
0
Anonymous user
 
Hi,
I'd really like to solve your problem!!!

Please post me a HijackThis + lopxp report.
We should be able to sort it out.

See you
0
seifer59
 
Should I post my report after this message?
0
Anonymous user
 
Hi seifer,
Proceed like this:
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

You don't understand how?

See you
0
seifer59
 
Hi again regis, I thank you from the bottom of my heart for giving me your time and for intending to help me, but one of my MSN contacts solved my blue bar problem: in fact this @@@@@@@ is a sponsor of MSN+, and during the installation of MSN+ it asks whether or not you want the sponsors by ticking a box. But my MSN+ was removed by one of the 9 programs I downloaded to get rid of the ads, and it was detected as spyware, so I downloaded it again, installed it and uninstalled it, and during the uninstallation I asked it to remove the sponsors. I'm sure my computer is still full of problems, so I'll surely come back to bother you a bit more :p but for now I just wanted to get rid of this bar so I could devote myself to my passion for Counter-Strike. Thanks again and see you
0
Anonymous user
 
Hi,
well, to be honest I was going to sort that out for you if you had created your own thread!

See you
0