For regis, from mike

mike -
Hello regis, I left you my two reports on the forum; at first I didn't get a reply.

64 replies

Discussion summary

An infection detected on Windows 2000 shows malicious startup entries and scripts in the registry, along with adware modules and fragments taken from HijackThis. Several replies advise cleaning the Run entries in the registry (HKLM and HKCU) and removing the detected advertising scripts and iframes, then running an antivirus and antispyware cleanup. Practical recommendations include running CCleaner for residual items, checking the programs started at boot (O4 and O9) and disabling unnecessary services, then running a new HijackThis scan to verify. If the injections persist, a partial reinstallation of the system, preceded by a backup of critical data, can be considered to make sure the traces are removed for good.

Automatically generated by AI
based on the best replies
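The O4 check the summary mentions, sketched as an added example that is not part of the thread: it parses HijackThis O4 lines and flags Run values that do not name a runnable program, using lines copied from the log posted further down. The extension list and the helper names `assess` and `triage` are assumptions of this example.

```python
import re

# Layout HijackThis prints for startup items: O4 - HKLM\..\Run: [value name] value data
# The name is matched lazily up to the first "] " that is followed by something able
# to start a command line (a drive path, optionally quoted, or a bare *.exe name),
# because value names in this log themselves contain "]".
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>.*?)\] (?P<data>(?:"?[A-Za-z]:\\|[^\s\[\]\\]+\.exe\b).*)$',
    re.IGNORECASE,
)

# Assumption of this example: extensions accepted as "a program" in a Run value.
EXEC_EXT = ("exe", "com", "bat", "cmd", "scr", "pif")
PROGRAM_RE = re.compile(r'^.*?\.(?:%s)(?=\s|$)' % "|".join(EXEC_EXT), re.IGNORECASE)

# Characters Windows does not allow in a file or directory name.
FORBIDDEN = set('<>:"|?*/')


def executable_part(data):
    """Return the program path of a Run value, or None if it names no program."""
    if data.startswith('"'):
        end = data.find('"', 1)
        path = data[1:end] if end != -1 else ""
        return path if path.lower().endswith(tuple("." + e for e in EXEC_EXT)) else None
    m = PROGRAM_RE.match(data)  # unquoted paths may contain spaces
    return m.group(0) if m else None


def assess(line):
    """Return a dict describing one O4 line, or None for any other log line."""
    line = line.strip()
    if not line.startswith("O4 - "):
        return None
    m = O4_RE.match(line)
    if not m:
        return {"hive": None, "name": None, "data": line,
                "reasons": ["O4 line in a layout this parser does not recognise"]}
    reasons = []
    exe = executable_part(m["data"])
    if exe is None:
        reasons.append("value names no executable file")
        exe = m["data"]
    # Ignore the drive prefix ("c:") before looking for forbidden characters.
    rest = exe[2:] if re.match(r"[A-Za-z]:", exe) else exe
    bad = sorted(set(rest) & FORBIDDEN)
    if bad:
        reasons.append("path contains characters Windows forbids: " + " ".join(bad))
    return {"hive": m["hive"], "name": m["name"], "data": m["data"], "reasons": reasons}


def triage(log_text):
    """Split the O4 entries of a log into (suspect, well_formed) lists."""
    suspect, well_formed = [], []
    for line in log_text.splitlines():
        entry = assess(line)
        if entry is not None:
            (suspect if entry["reasons"] else well_formed).append(entry)
    return suspect, well_formed


# Sample input: lines copied unchanged from the HijackThis log in this thread.
SAMPLE_LOG = r'''
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
'''

if __name__ == "__main__":
    flagged, fine = triage(SAMPLE_LOG)
    for e in flagged:
        print("SUSPECT %s [%s]: %s" % (e["hive"], e["name"], "; ".join(e["reasons"])))
    print("%d well-formed entries still need a manual look" % len(fine))
```

An entry that passes is only well-formed, not vetted; every remaining program still has to be reviewed by name and path.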
  1. Anonymous user
     
    Hi
    Yes, I know, but I wasn't available when you posted them, and then someone else posted on top of them, so I lost track.
    So I would need new reports, since they may have changed over the past 2 days.

    Thanks

    See you
    0
  2. mike
     
    Here is the new one
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINNT\System32\mnmsrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\Documents and Settings\poum\Mes documents\HijackThis.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\WINNT\system32\cmd.exe
    C:\WINNT\SYSTEM32\notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abzfgizitavpb.com/f_YwjYPnZe_Yr26oroUWXkO7vCiqHKoKaZFa7_wKvMs.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*https://fr.yahoo.com/?p=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {74CE87D7-69C6-6200-205D-32730F8D1C04} - C:\DOCUME~1\poum\APPLIC~1\MEOWHI~1\manager keep.exe (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {D1D8EF24-D4AF-75F1-B7E0-FD786BBDAC86} - C:\WINNT\system32\ojwsjycz.dll (file missing)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
    O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
    O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
    O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
    O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
    O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
    O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
    O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
    O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
    O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
    O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
    O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
    O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
    O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
    O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
    O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
    O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
    O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
    O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
    O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
    O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
    O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
    O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
    O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
    O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
    O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
    O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
    O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
    O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
    O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
    O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
    O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
    O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
    O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
    O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
    O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
    O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
    O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
    O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
    O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
    O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
    O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
    O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
    O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
    O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
    O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
    O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
    O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
    O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
    O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
    O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
    O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
    O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
    O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
    O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
    O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
    O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
    O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
    O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
    O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
    O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
    O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
    O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
    O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
    O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
    O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
    O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
    O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
    O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
    O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
    O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
    O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
    O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
    O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
    O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
    O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
    O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
    O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
    O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
    O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
    O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
    O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
    O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
    O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
    O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
    O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
    O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
    O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
    O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
    O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
    O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
    O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
    O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
    O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
    O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
    O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
    O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
    O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
    O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
    O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
    O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
    O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
    O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
    O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
    O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
    O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
    O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
    O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
    O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
    O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
    O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
    O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
    O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
    O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
    O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
    O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
    O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
    O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
    O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
    O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
    O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
    O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
    O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
    O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
    O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
    O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
    O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
    O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
    O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
    O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
    O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
    O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
    O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
    O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
    O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
    O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
    O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
    O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
    O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
    O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
    O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
    O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
    O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
    O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
    O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
    O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
    O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
    O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
    O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
    O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
    O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
    O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
    O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
    O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
    O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
    O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
    O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
    O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
    O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
    O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
    O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
    O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
    O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
    O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
    O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
    O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
    O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
    O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
    O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
    O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
    O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
    O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
    O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
    O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
    O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
    O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
    O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
    O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
    O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
    O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
    O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
    O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
    O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
    O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
    O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
    O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
    O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
    O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
    O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
    O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
    O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
    O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
    O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
    O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
    O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
    O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
    O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
    O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
    O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
    O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
    O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
    O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
    O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
    O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
    O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
    O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
    O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
    O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
    O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
    O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
    O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
    O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
    O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
    O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
    O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
    O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
    O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
    O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
    O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
    O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
    O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
    O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
    O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
    O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
    O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
    O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
    O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
    O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
    O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
    O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
    O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
    O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
    O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
    O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
    O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
    O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
    O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
    O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
    O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
    O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
    O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
    O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
    O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
    O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
    O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
    O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
    O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
    O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
    O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
    O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
    O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
    O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
    O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
    O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
    O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
    O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
    O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
    O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
    O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
    O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
    O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
    O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
    O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
    O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
    O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
    O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
    O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
    O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
    O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
    O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
    O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
    O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
    O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
    O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
    O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
    O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
    O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
    O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
    O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
    O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
    O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
    O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
    O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

    HijackThis report: what should I delete, Regis?
    0
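The O4 lines in the report above share one pattern: the Run value data is `c:\WINNT\System32\` followed by a fragment of JavaScript, HTML or CSS, so the target cannot be a program. The following Python script is an added example, not part of the original thread and not HijackThis code; it parses O4 Run lines and flags targets that cannot name an executable. The function names and the extension list are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# O4 lines copied from the report above, plus one Global Startup line
# that the Run-key parser is expected to skip.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""


class RunEntry(NamedTuple):
    key: str   # hive and key as HijackThis abbreviates them
    name: str  # registry value name, as printed between [ ]
    cmd: str   # registry value data (the command Windows would start)


_KEY = r'^O4 - (?P<key>HK[A-Z]+\\\.\.\\Run\w*): '
# Value names in this report contain "]" themselves, so first try to split
# where "] " is followed by a drive path, then fall back to the first "] ".
RUN_DRIVE = re.compile(_KEY + r'\[(?P<name>.*?)\] (?P<cmd>"?[A-Za-z]:\\.*)$')
RUN_ANY = re.compile(_KEY + r'\[(?P<name>.*?)\] (?P<cmd>.+)$')

# Heuristic extension list (an assumption of this example). ".com" is left
# out on purpose: domain names inside the garbage text would look like
# DOS executables and hide the entry.
EXEC_EXT = re.compile(r'\.(?:exe|bat|cmd|scr|pif|dll|lnk)(?=$|[\s"])',
                      re.IGNORECASE)
BAD_CHARS = set('<>"|?*/')  # never valid inside a Windows file path


def parse_o4_run(line: str) -> Optional[RunEntry]:
    """Return the parsed Run entry, or None for any other log line."""
    line = line.strip()
    for pattern in (RUN_DRIVE, RUN_ANY):
        m = pattern.match(line)
        if m:
            return RunEntry(m.group("key"), m.group("name"), m.group("cmd"))
    return None


def target_problem(cmd: str) -> Optional[str]:
    """Explain why cmd cannot start a program, or return None if it could."""
    body = cmd.lstrip('"')
    m = EXEC_EXT.search(body)
    if m is None:
        return "no executable file name in target"
    path = body[:m.end()]
    # A colon is only legal right after the drive letter.
    if BAD_CHARS & set(path) or ":" in path[2:]:
        return "target contains characters not allowed in a Windows path"
    return None


def triage(log_text: str) -> List[Tuple[RunEntry, str]]:
    """Collect every Run entry whose target fails the plausibility check."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4_run(line)
        if entry is None:
            continue
        problem = target_problem(entry.cmd)
        if problem:
            flagged.append((entry, problem))
    return flagged


if __name__ == "__main__":
    for entry, problem in triage(SAMPLE_LOG):
        print(f"{entry.key} [{entry.name.strip()}]: {problem}")
```

An entry that passes this check, such as `build city` in the sample, is only well-formed; whether the program it starts is wanted still has to be reviewed separately.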
  3. mike
     
    Here is the lop txt report:

    Rapport fait à 15:49:06.38 le lun. 03/10/2005

    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\administrateur\Application Data

    22/12/2004 02:11 <DIR> Macromedia
    01/04/2003 14:46 2352 mpauth.dat
    22/06/2002 18:13 <DIR> Help
    21/06/2002 19:03 <DIR> Symantec
    31/08/2001 12:12 <DIR> Adobe
    31/08/2001 12:12 <DIR> InterTrust
    06/08/2001 18:05 <DIR> Identities
    06/08/2001 18:04 <DIR> Microsoft
    06/08/2001 18:04 <DIR> ..
    06/08/2001 18:04 <DIR> .
    05/01/1997 21:09 <DIR> {2CF0B992-5EEB-4143-99C2-5297EF71F44B}
    1 fichier(s) 2352 octets
    10 Rép(s) 298139648 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\All Users\Application Data

    28/09/2005 07:03 <DIR> Spybot - Search & Destroy
    04/04/2005 01:47 <DIR> Messenger Plus!
    04/04/2005 01:42 <DIR> Savenurbamokseek
    24/09/2002 10:20 <DIR> OLYMPUS
    24/09/2002 09:57 <DIR> QuickTime
    25/04/2002 11:43 <DIR> Symantec
    05/08/2001 17:10 <DIR> Microsoft
    05/08/2001 16:59 <DIR> ..
    05/08/2001 16:59 <DIR> .
    0 fichier(s) 0 octets
    9 Rép(s) 298139648 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\Default User\Application Data

    15/10/2003 09:14 <DIR> Symantec
    05/08/2001 16:59 <DIR> ..
    05/08/2001 16:59 <DIR> .
    05/08/2001 16:19 <DIR> Microsoft
    0 fichier(s) 0 octets
    4 Rép(s) 298139648 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\poum\Application Data

    30/09/2005 18:58 <DIR> Media Player Classic
    28/09/2005 18:30 <DIR> Meowhidegreat
    28/09/2005 15:00 <DIR> MSNInstaller
    13/09/2005 11:32 <DIR> Google
    05/04/2005 10:22 <DIR> XnView
    04/04/2005 01:41 <DIR> dent funk user
    25/12/2004 05:58 <DIR> Yahoo!
    12/05/2003 13:54 <DIR> InterTrust
    12/05/2003 13:49 0 dm.ini
    31/03/2003 23:16 3136 mpauth.dat
    05/08/2002 10:37 <DIR> Symantec
    18/07/2002 16:30 <DIR> Help
    14/07/2002 18:40 <DIR> Macromedia
    22/06/2002 19:00 <DIR> Adobe
    22/06/2002 18:55 <DIR> Identities
    22/06/2002 18:55 <DIR> Microsoft
    22/06/2002 18:55 <DIR> ..
    22/06/2002 18:55 <DIR> .
    01/01/1997 13:26 <DIR> PhotoParade
    2 fichier(s) 3136 octets
    17 Rép(s) 298139648 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\Poum 2\Application Data

    12/08/2004 19:43 <DIR> Identities
    12/08/2004 19:42 <DIR> Microsoft
    12/08/2004 19:42 <DIR> Symantec
    12/08/2004 19:42 <DIR> ..
    12/08/2004 19:42 <DIR> .
    0 fichier(s) 0 octets
    5 Rép(s) 298139648 octets libres
    ******************************************
    Recherche des taches planifiées dans C:\WINNT\tasks

    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\WINNT\Tasks

    28/09/2005 18:31 256 B027360C903CA678.job
    05/08/2001 16:21 6 SA.DAT
    05/08/2001 16:17 65 desktop.ini
    05/08/2001 16:17 <DIR> ..
    05/08/2001 16:17 <DIR> .
    3 fichier(s) 327 octets
    2 Rép(s) 298 074 112 octets libres

    ******************************************
    Recherche dans Program files

    C:\Program Files\C2Media Présent !

    *************** Fin du rapport ****************
    Rapport fait à 12:58:40.28 le mar. 04/10/2005

    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\administrateur\Application Data

    22/12/2004 02:11 <DIR> Macromedia
    01/04/2003 14:46 2352 mpauth.dat
    22/06/2002 18:13 <DIR> Help
    21/06/2002 19:03 <DIR> Symantec
    31/08/2001 12:12 <DIR> Adobe
    31/08/2001 12:12 <DIR> InterTrust
    06/08/2001 18:05 <DIR> Identities
    06/08/2001 18:04 <DIR> Microsoft
    06/08/2001 18:04 <DIR> ..
    06/08/2001 18:04 <DIR> .
    05/01/1997 21:09 <DIR> {2CF0B992-5EEB-4143-99C2-5297EF71F44B}
    1 fichier(s) 2352 octets
    10 Rép(s) 291500032 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\All Users\Application Data

    03/10/2005 23:53 1763 QTSBandwidthCache
    03/10/2005 23:29 <DIR> Apple Computer
    28/09/2005 07:03 <DIR> Spybot - Search & Destroy
    04/04/2005 01:47 <DIR> Messenger Plus!
    04/04/2005 01:42 <DIR> Savenurbamokseek
    24/09/2002 10:20 <DIR> OLYMPUS
    25/04/2002 11:43 <DIR> Symantec
    05/08/2001 17:10 <DIR> Microsoft
    05/08/2001 16:59 <DIR> ..
    05/08/2001 16:59 <DIR> .
    1 fichier(s) 1763 octets
    9 Rép(s) 291500032 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\Default User\Application Data

    15/10/2003 09:14 <DIR> Symantec
    05/08/2001 16:59 <DIR> ..
    05/08/2001 16:59 <DIR> .
    05/08/2001 16:19 <DIR> Microsoft
    0 fichier(s) 0 octets
    4 Rép(s) 291500032 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\poum\Application Data

    03/10/2005 23:49 <DIR> Apple Computer
    30/09/2005 18:58 <DIR> Media Player Classic
    28/09/2005 18:30 <DIR> Meowhidegreat
    28/09/2005 15:00 <DIR> MSNInstaller
    13/09/2005 11:32 <DIR> Google
    05/04/2005 10:22 <DIR> XnView
    04/04/2005 01:41 <DIR> dent funk user
    25/12/2004 05:58 <DIR> Yahoo!
    12/05/2003 13:54 <DIR> InterTrust
    12/05/2003 13:49 0 dm.ini
    31/03/2003 23:16 3136 mpauth.dat
    05/08/2002 10:37 <DIR> Symantec
    18/07/2002 16:30 <DIR> Help
    14/07/2002 18:40 <DIR> Macromedia
    22/06/2002 19:00 <DIR> Adobe
    22/06/2002 18:55 <DIR> Identities
    22/06/2002 18:55 <DIR> Microsoft
    22/06/2002 18:55 <DIR> ..
    22/06/2002 18:55 <DIR> .
    01/01/1997 13:26 <DIR> PhotoParade
    2 fichier(s) 3136 octets
    18 Rép(s) 291500032 octets libres
    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\Documents and Settings\Poum 2\Application Data

    12/08/2004 19:43 <DIR> Identities
    12/08/2004 19:42 <DIR> Microsoft
    12/08/2004 19:42 <DIR> Symantec
    12/08/2004 19:42 <DIR> ..
    12/08/2004 19:42 <DIR> .
    0 fichier(s) 0 octets
    5 Rép(s) 291434496 octets libres
    ******************************************
    Recherche des taches planifiées dans C:\WINNT\tasks

    Le volume dans le lecteur C s'appelle mon disque dur
    Le numéro de série du volume est 44A3-789E

    Répertoire de C:\WINNT\Tasks

    28/09/2005 18:31 256 B027360C903CA678.job
    05/08/2001 16:21 6 SA.DAT
    05/08/2001 16:17 65 desktop.ini
    05/08/2001 16:17 <DIR> ..
    05/08/2001 16:17 <DIR> .
    3 fichier(s) 327 octets
    2 Rép(s) 291 495 936 octets libres

    ******************************************
    Recherche dans Program files

    C:\Program Files\C2Media Présent !

    *************** Fin du rapport ****************
    0
  4. Utilisateur anonyme
     
    Hello,

    Print this procedure, or save it to a file in Notepad, to be sure you don't forget anything and do everything in order.

    1/ Download this: Clean Up 40:
    http://pageperso.aol.fr/balltrap34/CleanUp40.exe
    - Illustrated help (thanks to Balltrap34):
    http://pageperso.aol.fr/balltrap34/democleanup.htm

    Disconnect from the Internet and close all running programs.

    Restart in safe mode
    Restart the PC, let the BIOS screen pass, then tap the F8 key repeatedly before the Windows loading screen appears.
    Choose safe mode from the options and confirm with Enter.
    (If F8 doesn't work, try F5)

    Make hidden and system files visible
    Control Panel > Folder Options > View tab
    Check the box next to "Show hidden files and folders"
    Uncheck the box next to "Hide file extensions for known file types"
    Uncheck the box next to "Hide protected operating system files"
    Click [Apply] then [OK] to confirm

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Launch HijackThis and click [do a system scan only]
    Check the box at the start of the following lines:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abzfgizitavpb.com/f_YwjYPnZe_Yr26oroUWXkO7vCiqHKoKaZFa7_wKvMs.php

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

    R3 - Default URLSearchHook is missing

    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com

    O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
    O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
    O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
    O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
    O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
    O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
    O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
    O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
    O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
    O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
    O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
    O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
    O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
    O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
    O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
    O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
    O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
    O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
    O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
    O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
    O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
    O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
    O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
    O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
    O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
    O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
    O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
    O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
    O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
    O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
    O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
    O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
    O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
    O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
    O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
    O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
    O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
    O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;

    O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
    O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
    O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
    O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
    O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
    O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
    O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
    O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
    O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
    O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
    O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
    O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
    O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
    O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
    O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
    O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
    O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
    O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
    O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
    O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
    O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
    O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
    O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
    O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
    O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
    O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
    O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
    O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
    O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
    O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
    O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
    O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
    O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
    O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
    O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
    O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
    O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
    O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
    O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
    O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
    O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
    O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
    O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
    O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
    O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
    O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
    O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
    O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
    O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
    O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
    O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
    O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
    O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
    O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
    O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
    O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
    O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
    O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
    O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
    O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
    O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
    O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
    O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
    O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
    O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
    O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
    O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
    O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
    O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
    O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
    O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
    O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
    O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
    O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
    O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
    O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
    O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
    O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
    O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
    O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
    O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
    O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
    O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
    O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
    O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
    O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
    O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
    O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
    O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
    O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
    O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
    O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
    O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
    O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
    O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
    O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
    O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
    O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
    O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
    O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
    O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {

    O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
    O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
    O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
    O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
    O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
    O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
    O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
    O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
    O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
    O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
    O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
    O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
    O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
    O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
    O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
    O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
    O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
    O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
    O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
    O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
    O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
    O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
    O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
    O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
    O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
    O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
    O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
    O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
    O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
    O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
    O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
    O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
    O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
    O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
    O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
    O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
    O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
    O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
    O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
    O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
    O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
    O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
    O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
    O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
    O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
    O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
    O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
    O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
    O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
    O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
    O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
    O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
    O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
    O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
    O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
    O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
    O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
    O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
    O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
    O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
    O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
    O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
    O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
    O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
    O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
    O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
    O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
    O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
    O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
    O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
    O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
    O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
    O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
    O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
    O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
    O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
    O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
    O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
    O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
    O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
    O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
    O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
    O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
    O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
    O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
    O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
    O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
    O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
    O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
    O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
    O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
    O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
    O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
    O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
    O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
    O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
    O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
    O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
    O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
    O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
    O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
    O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
    O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
    O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
    O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
    O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
    O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
    O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
    O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
    O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
    O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
    O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
    O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
    O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
    O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
    O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
    O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
    O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
    O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
    O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
    O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
    O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
    O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
    O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
    O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
    O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
    O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
    O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
    O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
    O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
    O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
    O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
    O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
    O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
    O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
    O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
    O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
    O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
    O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
    O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
    O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
    O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
    O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
    O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
    O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {

    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1

    O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX

    confirm by clicking the [fix checked] button

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Find and delete these folders:

    Delete the files by following the path of the infected files if possible, rather than using the "Search" function

    If they are present, delete:

    C:\Program Files\C2Media

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Then go to Start > Run and type cmd
    then confirm with OK

    in the window that opens, copy and paste this:

    del /a C:\WINDOWS\tasks\B027360C903CA678.job

    and confirm by pressing Enter

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Next, very important:

    :: Delete temporary files ::

    Run cleanup40.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Restart normally and repost a HijackThis log in this thread…

    Let me know where things stand with your problems…

    See you
    0
  6. mike
     
    here is the new report
    Logfile of HijackThis v1.99.1
    Scan saved at 18:33:27, on 04/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINNT\System32\mnmsrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\Documents and Settings\poum\Mes documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kggtglfulwfjyhdefca.net/f_YwjYPnZe_1ByT_zxGxeRjPKpvETkjZKhKBQgiSgfo5pIe39twcisFNFjXt2N8T.html
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
    O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
    O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
    O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
    O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
    O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
    O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
    O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
    O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
    O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
    O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
    O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
    O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
    O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
    O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
    O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
    O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
    O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
    O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
    O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
    O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
    O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
    O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
    O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
    O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
    O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
    O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
    O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
    O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
    O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
    O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
    O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
    O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
    O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
    O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
    O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
    O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
    O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
    O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
    O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
    O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
    O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
    O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
    O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
    O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
    O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
    O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
    O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
    O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
    O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
    O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
    O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
    O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
    O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
    O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
    O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
    O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
    O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
    O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
    O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
    O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
    O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
    O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
    O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
    O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
    O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
    O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
    O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
    O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
    O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
    O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
    O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
    O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
    O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
    O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
    O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
    O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
    O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
    O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
    O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
    O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
    O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
    O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
    O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
    O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
    O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
    O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
    O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
    O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
    O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
    O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
    O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
    O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
    O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
    O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
    O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
    O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
    O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
    O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
    O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
    O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
    O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
    O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
    O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
    O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
    O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
    O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
    O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
    O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
    O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
    O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
    O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
    O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
    O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
    O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
    O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
    O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
    O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
    O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
    O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
    O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
    O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
    O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
    O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
    O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
    O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
    O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
    O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
    O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
    O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
    O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
    O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
    O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
    O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
    O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
    O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
    O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
    O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
    O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
    O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
    O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
    O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
    O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
    O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
    O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
    O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
    O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
    O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
    O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
    O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
    O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
    O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
    O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
    O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
    O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
    O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
    O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
    O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
    O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
    O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
    O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
    O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
    O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
    O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
    O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
    O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
    O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
    O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
    O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
    O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
    O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
    O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
    O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
    O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
    O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
    O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
    O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
    O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
    O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
    O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
    O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
    O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
    O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
    O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
    O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
    O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
    O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
    O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
    O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
    O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
    O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
    O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
    O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
    O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
    O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
    O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
    O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
    O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
    O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
    O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
    O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
    O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
    O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
    O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
    O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
    O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
    O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
    O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
    O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
    O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
    O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
    O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
    O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
    O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
    O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
    O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
    O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
    O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
    O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
    O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
    O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
    O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
    O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
    O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
    O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
    O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
    O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
    O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
    O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
    O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
    O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
    O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
    O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
    O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
    O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
    O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
    O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
    O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
    O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
    O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
    O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
    O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
    O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
    O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
    O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
    O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
    O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
    O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
    O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
    O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
    O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
    O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
    O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
    O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
    O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
    O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
    O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
    O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
    O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
    O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
    O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
    O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
    O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
    O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
    O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
    O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
    O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
    O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
    O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
    O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
    O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
    O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
    O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
    O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
    O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
    O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
    O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
    O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
    O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
    O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
    O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)
    I didn't check all of them, regis, out of fear. Thanks.
    0
  7. jean38 Posts 2534 Registration date   Status Contributor Last activity   47
     
    If you don't check what regis told you to, there's no point coming to the forum; your procedure accomplished nothing. Follow his instructions, and don't make him work several times over to tell you the same thing.

    See you

    Jean
    0
  8. BmV Posts 43640 Registration date   Status Moderator Last activity   4 961
     
    MIKE:

    for the 326th time: STAY IN THE SAME THREAD, using the blue [Continue the discussion] button each time.

    NOBODY can follow you or help you if you do whatever you like both on your PC and in the forum!
    A minimum of rigor is essential!
    0
  9. Anonymous user
     
    No big deal, where do your problems stand...

    See you
    0
  10. mike
     
    Hello regis, and thanks for your understanding. So, I posted my new report for you, but indeed I didn't check everything you gave me, out of fear; my PC was starting to glitch a bit. Thanks for looking at it, and tell me what I can delete without risk.
    0
  11. Anonymous user
     
    hi mike
    Did you do the procedure I gave you?
    Because you could have followed the procedure I gave you, you know

    See you
    0
  12. mike
     
    No, regis, because I didn't understand certain things. For one, I still have the blue "search web" bar. I did everything. So, I didn't understand the following things:

    Delete the files by following the path of the infected files if possible, rather than using the "Search" function

    If they are present, delete:

    C:\Program Files\C2Media

    Then go to Start > Run and type cmd
    then confirm with OK

    in the window that opens, copy and paste this:

    del /a C:\WINDOWS\tasks\B027360C903CA678.job

    and confirm by pressing Enter

    So, and then I downloaded cleanup40 but I don't know how to use it. At the end, where do I have to click? And is it paid? It doesn't seem to work. Thanks for your patience.
    0
  13. Anonymous user
     
    hi again mike,
    Since you did it in several goes, I don't know whether this will work; we'll see!

    Delete the files by following the path of the infected files if possible, rather than using the "Search" function

    If they are present, delete:

    C:\Program Files\C2Media

    To do that, you do this:
    click Start, then My Computer, then C, then Program Files, then look for C2MEDIA; once you have it, right-click it and choose Delete!


    Then go to Start > Run and type cmd
    then confirm with OK

    in the window that opens, copy and paste this:

    del /a C:\WINDOWS\tasks\B027360C903CA678.job

    and confirm by pressing Enter

    For that it's extremely simple: you click Start, then Run, and type cmd!
    A black window opens, and there you copy and paste the line I gave you above and press Enter (the key on your keyboard)


    So, and then I downloaded cleanup40 but I don't know how to use it. At the end, where do I have to click? And is it paid? It doesn't seem to work.
    No, it's free. Look at the video I posted above, it's explained there. Make sure it is set to standard!!! Then click Clean up and let it run

    If you need to, don't hesitate to ask again

    See you
    0
  14. mike
     
    Logfile of HijackThis v1.99.1
    Scan saved at 08:13:08, on 10/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\mnmsrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Documents and Settings\poum\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
    O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.1 80.10.246.132
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

    There you go regis, my new report. Are there things to delete? I copied what you told me into Run, cmd, and I typed what you gave me; it says it's invalid. See you soon and thanks.
    0
  15. Anonymous user
     
    hi mike

    Offline:

    Launch hijackthis and click [Do a system scan only]
    check the box at the start of the following lines:

    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
    O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe>');
    O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="[RAND]"></ilayer>');
    O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe></noscript>
    O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
    O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
    O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
    O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
    O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
    O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
    O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
    O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
    O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
    O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
    O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
    O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
    O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
    O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
    O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
    O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
    O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
    O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
    O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
    O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
    O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
    O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
    O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe>');
    O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
    O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="[RAND]"></ilayer>');
    O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe></noscript>
    O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
    O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
    O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
    O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
    O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
    O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">

    confirm by clicking the [Fix checked] button

    Then go to Start > Run and type cmd
    then confirm with OK

    in the window that opens, copy and paste this:

    del /a C:\WINNT\tasks\B027360C903CA678.job

    and confirm with Enter

    Restart your PC normally, and then run an AV scan here:
    http://webscanner.kaspersky.fr/
    At the end of the scan, click the link that gives you access to the scan report, and copy/paste the report here + a new hijackthis report

    See you
    0
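
The O4 lines listed in the post above have one thing in common: the data of the Run value is a fragment of HTML, CSS or JavaScript, not the path of a program. As an added example (not part of the original post, and not how HijackThis or regis selected the lines), this Python script flags O4 Run entries on that basis; the regular expressions, the extension list and the function names are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample lines copied from the HijackThis reports posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
"""

# "O4 - HKLM\..\Run: [name] command"; group 3 is everything after the "[".
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*)$')
# A command normally starts with a drive path or a bare "file.ext" token.
CMD_START = re.compile(r'^"?(?:[A-Za-z]:\\|[\w~!-]+\.\w+)')
# Executable extension that ends the program token (assumed list).
EXE_EXT = re.compile(r'\.(?:exe|com|bat|cmd|scr|pif)(?=$|[\s"])', re.IGNORECASE)
# Characters Windows does not allow in a file or directory name.
RESERVED = set('<>"|?*')


class RunEntry(NamedTuple):
    hive: str
    name: str
    command: str
    reason: Optional[str]  # None when the entry looks like a program launch


def split_name_command(rest: str) -> Optional[Tuple[str, str]]:
    """Split 'name] command'. The value name may itself contain ']', so try
    every '] ' and keep the first one followed by something command-like."""
    cuts = [m.start() for m in re.finditer(r'\] ', rest)]
    if not cuts:
        return None
    for cut in cuts:
        if CMD_START.match(rest[cut + 2:]):
            return rest[:cut], rest[cut + 2:]
    return rest[:cuts[0]], rest[cuts[0] + 2:]


def suspicion(command: str) -> Optional[str]:
    """Return why the command cannot be a program launch, or None."""
    cmd = command.lstrip('"')
    ext = EXE_EXT.search(cmd)
    if ext is None:
        return "no executable target"
    token = cmd[:ext.end()]  # path up to and including the extension
    # A colon is only legal as the drive separator at index 1.
    if RESERVED & set(token) or ":" in token[:1] + token[2:]:
        return "reserved characters in path"
    return None


def scan(log: str) -> List[RunEntry]:
    """Parse every O4 registry Run line of a HijackThis log and classify it."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # other sections, or O4 startup-folder shortcuts
        parts = split_name_command(m.group(3))
        if parts is None:
            continue
        name, command = parts
        entries.append(RunEntry(m.group(1), name, command, suspicion(command)))
    return entries


if __name__ == "__main__":
    for e in scan(SAMPLE_LOG):
        verdict = e.reason or "ok"
        print(f"{verdict:28} {e.hive} [{e.name}]")
```

An entry that passes this check only has a well-formed program path; whether that program is wanted on the machine is a separate question that an antivirus scan or a manual review has to answer.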
  16. mike
     
    KASPERSKY ON-LINE SCANNER - RAPPORT
    lundi 10 octobre 2005 21:53:42
    Système d'exploitation : Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
    Version de Kaspersky On-line Scanner: 5.0.78.0
    Dernière mise à jour de la base antivirus Kaspersky : 12/11/2005
    Enregistrements dans la base antivirus Kaspersky : 149764

    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie. vrai

    Cible de l'analyse Poste de travail
    A:\
    C:\
    E:\

    Statistiques de l'analyse
    Total d'objets analysés : 21312
    Nombre de virus trouvés 3
    Nombre d'objets infectés 3
    Nombre d'objets suspects 0
    Durée de l'analyse 03:33:09

    Nom de l'objet infecté Nom du virus Dernière action
    C:\Documents and Settings\poum\Application Data\dent funk user\Enc Grey Dog.exe Infecté: Trojan-Downloader.Win32.Swizzor.cb ignoré

    C:\Documents and Settings\poum\Application Data\dent funk user\third send about locks.exe Infecté: Trojan-Downloader.Win32.Swizzor.dv ignoré

    C:\WINNT\system32\installer_im.dll Infecté: Trojan-Dropper.Win32.Delf.av ignoré

    Analyse terminée.

    Scan saved at 21:59:33, on 10/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\mnmsrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\poum\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.1 80.10.246.132
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

    There you go, regis, the two reports. As for what you noted above: I type cmd, I enter what you told me, and it's invalid. I have document settings pou; when I copy and paste, it tells me it's not valid. I also have a small problem: after all these steps, my avast antivirus start page, which was blue, has turned white. Is that normal? Is it still active? Thanks.
    0
  17. Anonymous user
     
    re,
    in safe mode,
    run HijackThis again and fix these:

    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();

    O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>

    O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();

    O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');

    O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');

    O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>

    restart in normal mode and post a new log so we can see

    see you
    0
  18. mike
     
    Scan saved at 08:05:30, on 11/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\mnmsrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\poum\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
    O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
    O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
    O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
    O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

    There you go, regis
    0
  19. mike
     
    Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows 2000
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    " gSafeOnload[gSafeOnload.length] " = "c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;" [file not found]
    " gSafeOnload[0] = window.onl" = "c:\WINNT\System32\ gSafeOnload[0] = window.onload;" [file not found]
    " gSafeOnload[i" = "c:\WINNT\System32\ gSafeOnload[i]();" [file not found]
    "WebCamRT.exe" = (empty string)
    "document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe" = "c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');" [file not found]
    "document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer" = "c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');" [file not found]
    "<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr" = "c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>" [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "LoadQM" = "loadqm.exe" [MS]
    "LVCOMS" = "C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."]
    "SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
    "Synchronization Manager" = "mobsync.exe /logon" [MS]
    " gSafeOnload[gSafeOnload.length] " = "c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;" [file not found]
    " gSafeOnload[0] = window.onl" = "c:\WINNT\System32\ gSafeOnload[0] = window.onload;" [file not found]
    " gSafeOnload[i" = "c:\WINNT\System32\ gSafeOnload[i]();" [file not found]
    "MessagerStarter Wanadoo" = "C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo" [file not found]
    "document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe" = "c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');" [file not found]
    "document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer" = "c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');" [file not found]
    "<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr" = "c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>" [file not found]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    {5945c046-1e7d-11d1-bc44-00c04fd912be}\(Default) = "MSN Messenger 4.5"
    \StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.Remove.PerUser" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
    There you go, regis, it already works much better, thanks
    0