For regis59: new report
Closed
mike
BmV, Moderator, 43240 posts
There you go regis, I'm posting the new report. As for search web2, I couldn't get rid of it; I ran Ad-Aware and then Spybot in safe mode, no result.
hi
holy cow, I've never seen anything like this lol
let's try to clean things up a bit first...
Start by scanning your PC with these 2 complementary anti-spyware tools:
1/ Spybot S&D 1.4 << new version
http://www.safer-networking.org/fr/index.htm
Usage demo (thanks to Balltrap34 for making it)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
2/ Ad-Aware SE 1.06 << new version
https://www.adaware.com/
- Help:
http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
- install the French patch, you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here: (thanks to Moe31 for making it)
http://pageperso.aol.fr/balltrap34/adawrevid.asf
and delete whatever it finds
+
Run this online scan:
http://www.bitdefender.com/scan/licence.php
Copy/paste the report
+
Download lopxp here:
https://www.cjoint.com/?kumvZSxxY4
2) unzip it (right-click on it > extract all)
and run lopxp.bat
Logfile of HijackThis v1.99.1
Scan saved at 10:54:05, on 03/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\poum\LOCALS~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sxwfrbprolzjxonaujwjc.com/f_YwjYPnZe_1ByT_zxGxeRjPKpvETkjZKhKBQgiSgfpvHI_88FveqMFNFjXt2N8T.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abzfgizitavpb.com/f_YwjYPnZe_Yr26oroUWXkO7vCiqHKoKaZFa7_wKvMs.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {74CE87D7-69C6-6200-205D-32730F8D1C04} - C:\DOCUME~1\poum\APPLIC~1\MEOWHI~1\manager keep.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D1D8EF24-D4AF-75F1-B7E0-FD786BBDAC86} - C:\WINNT\system32\ojwsjycz.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)
pport fait à 10:58:18.91 le lun. 03/10/2005
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E
Répertoire de C:\Documents and Settings\administrateur\Application Data
22/12/2004 02:11 <DIR> Macromedia
01/04/2003 14:4
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)
pport fait à 10:58:18.91 le lun. 03/10/2005
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E
Répertoire de C:\Documents and Settings\administrateur\Application Data
22/12/2004 02:11 <DIR> Macromedia
01/04/2003 14:4
2 replies
Hi Mike!
Regis is right: stay on the original post!
=> we continue here http://www.commentcamarche.net/forum/affich-1883594-jaffiche-mon-rapport-pour-regis-searchweb2
using the [Continuer la discussion] button!!!!!
Thanks.