For Regis, from Mike

mike -
Hello Regis, I left you my two reports on the forum at the start; I didn't get a reply.

64 replies

Anonymous user
 
Hi,
Yes, I know, but I wasn't available when you posted them, and then someone else posted on top of them, so I lost track.
So I would need new reports, since they may have changed over the past 2 days.

Thanks

See you
0
mike
 
Here is the new one:
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\poum\Mes documents\HijackThis.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\SYSTEM32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abzfgizitavpb.com/f_YwjYPnZe_Yr26oroUWXkO7vCiqHKoKaZFa7_wKvMs.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {74CE87D7-69C6-6200-205D-32730F8D1C04} - C:\DOCUME~1\poum\APPLIC~1\MEOWHI~1\manager keep.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D1D8EF24-D4AF-75F1-B7E0-FD786BBDAC86} - C:\WINNT\system32\ojwsjycz.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

HijackThis report, what should I delete, Regis?
0
mike
 
Here is the lop txt report
Rapport fait à 15:49:06.38 le lun. 03/10/2005

Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\administrateur\Application Data

22/12/2004 02:11 <DIR> Macromedia
01/04/2003 14:46 2352 mpauth.dat
22/06/2002 18:13 <DIR> Help
21/06/2002 19:03 <DIR> Symantec
31/08/2001 12:12 <DIR> Adobe
31/08/2001 12:12 <DIR> InterTrust
06/08/2001 18:05 <DIR> Identities
06/08/2001 18:04 <DIR> Microsoft
06/08/2001 18:04 <DIR> ..
06/08/2001 18:04 <DIR> .
05/01/1997 21:09 <DIR> {2CF0B992-5EEB-4143-99C2-5297EF71F44B}
1 fichier(s) 2352 octets
10 Rép(s) 298139648 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\All Users\Application Data

28/09/2005 07:03 <DIR> Spybot - Search & Destroy
04/04/2005 01:47 <DIR> Messenger Plus!
04/04/2005 01:42 <DIR> Savenurbamokseek
24/09/2002 10:20 <DIR> OLYMPUS
24/09/2002 09:57 <DIR> QuickTime
25/04/2002 11:43 <DIR> Symantec
05/08/2001 17:10 <DIR> Microsoft
05/08/2001 16:59 <DIR> ..
05/08/2001 16:59 <DIR> .
0 fichier(s) 0 octets
9 Rép(s) 298139648 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\Default User\Application Data

15/10/2003 09:14 <DIR> Symantec
05/08/2001 16:59 <DIR> ..
05/08/2001 16:59 <DIR> .
05/08/2001 16:19 <DIR> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 298139648 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\poum\Application Data

30/09/2005 18:58 <DIR> Media Player Classic
28/09/2005 18:30 <DIR> Meowhidegreat
28/09/2005 15:00 <DIR> MSNInstaller
13/09/2005 11:32 <DIR> Google
05/04/2005 10:22 <DIR> XnView
04/04/2005 01:41 <DIR> dent funk user
25/12/2004 05:58 <DIR> Yahoo!
12/05/2003 13:54 <DIR> InterTrust
12/05/2003 13:49 0 dm.ini
31/03/2003 23:16 3136 mpauth.dat
05/08/2002 10:37 <DIR> Symantec
18/07/2002 16:30 <DIR> Help
14/07/2002 18:40 <DIR> Macromedia
22/06/2002 19:00 <DIR> Adobe
22/06/2002 18:55 <DIR> Identities
22/06/2002 18:55 <DIR> Microsoft
22/06/2002 18:55 <DIR> ..
22/06/2002 18:55 <DIR> .
01/01/1997 13:26 <DIR> PhotoParade
2 fichier(s) 3136 octets
17 Rép(s) 298139648 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\Poum 2\Application Data

12/08/2004 19:43 <DIR> Identities
12/08/2004 19:42 <DIR> Microsoft
12/08/2004 19:42 <DIR> Symantec
12/08/2004 19:42 <DIR> ..
12/08/2004 19:42 <DIR> .
0 fichier(s) 0 octets
5 Rép(s) 298139648 octets libres
******************************************
Recherche des taches planifiées dans C:\WINNT\tasks

Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\WINNT\Tasks

28/09/2005 18:31 256 B027360C903CA678.job
05/08/2001 16:21 6 SA.DAT
05/08/2001 16:17 65 desktop.ini
05/08/2001 16:17 <DIR> ..
05/08/2001 16:17 <DIR> .
3 fichier(s) 327 octets
2 Rép(s) 298 074 112 octets libres

******************************************
Recherche dans Program files

C:\Program Files\C2Media Présent !

*************** Fin du rapport ****************
Rapport fait à 12:58:40.28 le mar. 04/10/2005

Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\administrateur\Application Data

22/12/2004 02:11 <DIR> Macromedia
01/04/2003 14:46 2352 mpauth.dat
22/06/2002 18:13 <DIR> Help
21/06/2002 19:03 <DIR> Symantec
31/08/2001 12:12 <DIR> Adobe
31/08/2001 12:12 <DIR> InterTrust
06/08/2001 18:05 <DIR> Identities
06/08/2001 18:04 <DIR> Microsoft
06/08/2001 18:04 <DIR> ..
06/08/2001 18:04 <DIR> .
05/01/1997 21:09 <DIR> {2CF0B992-5EEB-4143-99C2-5297EF71F44B}
1 fichier(s) 2352 octets
10 Rép(s) 291500032 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\All Users\Application Data

03/10/2005 23:53 1763 QTSBandwidthCache
03/10/2005 23:29 <DIR> Apple Computer
28/09/2005 07:03 <DIR> Spybot - Search & Destroy
04/04/2005 01:47 <DIR> Messenger Plus!
04/04/2005 01:42 <DIR> Savenurbamokseek
24/09/2002 10:20 <DIR> OLYMPUS
25/04/2002 11:43 <DIR> Symantec
05/08/2001 17:10 <DIR> Microsoft
05/08/2001 16:59 <DIR> ..
05/08/2001 16:59 <DIR> .
1 fichier(s) 1763 octets
9 Rép(s) 291500032 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\Default User\Application Data

15/10/2003 09:14 <DIR> Symantec
05/08/2001 16:59 <DIR> ..
05/08/2001 16:59 <DIR> .
05/08/2001 16:19 <DIR> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 291500032 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\poum\Application Data

03/10/2005 23:49 <DIR> Apple Computer
30/09/2005 18:58 <DIR> Media Player Classic
28/09/2005 18:30 <DIR> Meowhidegreat
28/09/2005 15:00 <DIR> MSNInstaller
13/09/2005 11:32 <DIR> Google
05/04/2005 10:22 <DIR> XnView
04/04/2005 01:41 <DIR> dent funk user
25/12/2004 05:58 <DIR> Yahoo!
12/05/2003 13:54 <DIR> InterTrust
12/05/2003 13:49 0 dm.ini
31/03/2003 23:16 3136 mpauth.dat
05/08/2002 10:37 <DIR> Symantec
18/07/2002 16:30 <DIR> Help
14/07/2002 18:40 <DIR> Macromedia
22/06/2002 19:00 <DIR> Adobe
22/06/2002 18:55 <DIR> Identities
22/06/2002 18:55 <DIR> Microsoft
22/06/2002 18:55 <DIR> ..
22/06/2002 18:55 <DIR> .
01/01/1997 13:26 <DIR> PhotoParade
2 fichier(s) 3136 octets
18 Rép(s) 291500032 octets libres
Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\Documents and Settings\Poum 2\Application Data

12/08/2004 19:43 <DIR> Identities
12/08/2004 19:42 <DIR> Microsoft
12/08/2004 19:42 <DIR> Symantec
12/08/2004 19:42 <DIR> ..
12/08/2004 19:42 <DIR> .
0 fichier(s) 0 octets
5 Rép(s) 291434496 octets libres
******************************************
Recherche des taches planifiées dans C:\WINNT\tasks

Le volume dans le lecteur C s'appelle mon disque dur
Le numéro de série du volume est 44A3-789E

Répertoire de C:\WINNT\Tasks

28/09/2005 18:31 256 B027360C903CA678.job
05/08/2001 16:21 6 SA.DAT
05/08/2001 16:17 65 desktop.ini
05/08/2001 16:17 <DIR> ..
05/08/2001 16:17 <DIR> .
3 fichier(s) 327 octets
2 Rép(s) 291 495 936 octets libres

******************************************
Recherche dans Program files

C:\Program Files\C2Media Présent !

*************** Fin du rapport ****************
0
Utilisateur anonyme
 
Hello,

Print this procedure, or save it to a file in Notepad, to be sure you do not forget anything and do everything in order.

1/ Download this: Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- illustrated help (thanks to Balltrap34):
http://pageperso.aol.fr/balltrap34/democleanup.htm

Disconnect from the Internet and close all running programs.

Restart in safe mode
Restart the PC, let the BIOS screen pass, then tap the F8 key repeatedly before the Windows loading screen appears.
Choose safe mode from the options and confirm with Enter.
(If F8 does not work, try F5)

Make hidden and system files visible
Control Panel > Folder Options > View tab
Check the box next to "Show hidden files and folders"
Uncheck the box next to "Hide extensions for known file types"
Uncheck the box next to "Hide protected operating system files"
Click [Apply] then [OK] to confirm

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Launch HijackThis and click [Do a system scan only]
Check the box at the start of the following lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abzfgizitavpb.com/f_YwjYPnZe_Yr26oroUWXkO7vCiqHKoKaZFa7_wKvMs.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R3 - Default URLSearchHook is missing

O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O4 - HKLM\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;

O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {

O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
O4 - HKLM\..\Run: [Amok seek flaw view] C:\Documents and Settings\All Users\Application Data\Savenurbamokseek\Okay Delete.exe
O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKCU\..\Run: [build city] C:\DOCUME~1\poum\APPLIC~1\DENTFU~1\soft axis.exe
O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {

O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1

O20 - AppInit_DLLs: PAVWAIT.DLL Œ*FX

Confirm by clicking the [fix checked] button

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Find and delete these folders:

Delete the files by following the path of the infected files where possible, rather than using the "Search" function

If they are present, delete:

C:\Program Files\C2Media

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Then go to Start > Run and type cmd
then confirm with OK

in the window that opens, copy and paste this:

del /a C:\WINDOWS\tasks\B027360C903CA678.job

and confirm by pressing Enter

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Next, very important:

:: Delete temporary files ::

Run cleanup40.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Restart normally and repost a HijackThis log on the post…

Tell me where things stand with your problems…

See you
0

mike
 
here is the new report ja
Logfile of HijackThis v1.99.1
Scan saved at 18:33:27, on 04/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Documents and Settings\poum\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kggtglfulwfjyhdefca.net/f_YwjYPnZe_1ByT_zxGxeRjPKpvETkjZKhKBQgiSgfo5pIe39twcisFNFjXt2N8T.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKLM\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKLM\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKLM\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKLM\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKLM\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKLM\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKLM\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKLM\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKLM\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKLM\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKLM\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKLM\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKLM\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKLM\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKLM\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKLM\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKLM\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKLM\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKLM\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKLM\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKLM\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKLM\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKLM\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKLM\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKLM\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKLM\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKLM\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKLM\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKLM\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKLM\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKLM\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKLM\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKLM\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKLM\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKLM\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKLM\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKLM\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKLM\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKLM\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKLM\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKLM\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKLM\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKLM\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKLM\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKLM\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKLM\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKLM\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKLM\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKLM\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKLM\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKLM\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKLM\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKLM\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKLM\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKLM\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKLM\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKLM\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKLM\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKLM\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKLM\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKLM\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKLM\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKLM\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKLM\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKLM\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKLM\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKLM\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKLM\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKLM\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKLM\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKLM\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKLM\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKLM\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKLM\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKLM\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKLM\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKLM\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKLM\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKLM\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKLM\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKLM\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKLM\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKLM\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKLM\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKLM\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKLM\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKLM\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKLM\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKLM\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKLM\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKLM\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKLM\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKLM\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKLM\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKLM\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKLM\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKLM\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKLM\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKLM\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKLM\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKLM\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKLM\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKLM\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKLM\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKLM\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_LP] "C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe"
O4 - HKCU\..\Run: [// Browser Detec] c:\WINNT\System32\// Browser Detection
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINNT\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINNT\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINNT\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINNT\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINNT\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINNT\System32\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINNT\System32\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINNT\System32\if (IE4plus)
O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINNT\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINNT\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINNT\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINNT\System32\function SafeAddOnload(f)
O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINNT\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ else if (window.onl] c:\WINNT\System32\ else if (window.onload)
O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINNT\System32\ if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ window.onload ] c:\WINNT\System32\ window.onload = f;
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINNT\System32\function SafeOnload()
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINNT\System32\function isInt(numIn)
O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINNT\System32\ var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINNT\System32\ return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINNT\System32\function PUW_Init()
O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINNT\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [ if (! this.on] c:\WINNT\System32\ if (! this.ontop)
O4 - HKCU\..\Run: [ window.focu] c:\WINNT\System32\ window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINNT\System32\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINNT\System32\ var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINNT\System32\ var allCookies = document.cookie;
O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINNT\System32\ end = allCookies.length;
O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINNT\System32\ var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINNT\System32\ if (isInt(freqStr))
O4 - HKCU\..\Run: [ this.frequency = parseInt(freqS] c:\WINNT\System32\ this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [ this.frequenc] c:\WINNT\System32\ this.frequency--;
O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINNT\System32\ shouldShow = false;
O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINNT\System32\ var exp = new Date();
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINNT\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [ this.width = wi] c:\WINNT\System32\ this.width = width;
O4 - HKCU\..\Run: [ this.height = hei] c:\WINNT\System32\ this.height = height;
O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINNT\System32\ this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINNT\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - HKCU\..\Run: [ <META NAME="DESCRIPTION" CONTENT="ne] c:\WINNT\System32\ <META NAME="DESCRIPTION" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="KEYWORDS" CONTENT="ne] c:\WINNT\System32\ <META NAME="KEYWORDS" CONTENT="news">
O4 - HKCU\..\Run: [ <META NAME="distribution" CONTENT="Glob] c:\WINNT\System32\ <META NAME="distribution" CONTENT="Global">
O4 - HKCU\..\Run: [ <META NAME="revisit-after" CONTENT="30 da] c:\WINNT\System32\ <META NAME="revisit-after" CONTENT="30 days">
O4 - HKCU\..\Run: [ <META NAME="robots" CONTENT="FOLLOW,IND] c:\WINNT\System32\ <META NAME="robots" CONTENT="FOLLOW,INDEX">
O4 - HKCU\..\Run: [<link rel="stylesheet" href="cool.css" type="text/c] c:\WINNT\System32\<link rel="stylesheet" href="cool.css" type="text/css">
O4 - HKCU\..\Run: [<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight=] c:\WINNT\System32\<body bgcolor="#FFFFFF" text="#666666" Link="#000CD" vlink="#FF9933" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
O4 - HKCU\..\Run: [<table width='100%' align="center" cellspacing="0" cellpadding='10' border=] c:\WINNT\System32\<table width='100%' align="center" cellspacing="0" cellpadding='10' border='0'>
O4 - HKCU\..\Run: [<td background='/images/b.jpg' height='35' align="rig] c:\WINNT\System32\<td background='/images/b.jpg' height='35' align="right">
O4 - HKCU\..\Run: [<form name="form1" method="get" action="http://www.newsinsider.us/read.a] c:\WINNT\System32\<form name="form1" method="get" action="http://www.newsinsider.us/read.asp">
O4 - HKCU\..\Run: [<img src="/images/s.g] c:\WINNT\System32\<img src="/images/s.gif">
O4 - HKCU\..\Run: [ <input name="keywords" type="text" size="] c:\WINNT\System32\ <input name="keywords" type="text" size="27">
O4 - HKCU\..\Run: [<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Sear] c:\WINNT\System32\<input type="image" src="/images/g.jpg" border="0" align="absmiddle" alt="Search">
O4 - HKCU\..\Run: [GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br>] c:\WINNT\System32\GNOME Community News Find all the GNOME community news you can read on FootNotes!</font><br><br>
O4 - HKCU\..\Run: [News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br>] c:\WINNT\System32\News and media directory offering radio, television, internet broadcasts, magazines, newspapers and lastest news.</font><br><br>
O4 - HKCU\..\Run: [Soon you could be getting weather forecasts and text messages on your toast.</font><br>] c:\WINNT\System32\Soon you could be getting weather forecasts and text messages on your toast.</font><br><br>
O4 - HKCU\..\Run: [New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br>] c:\WINNT\System32\New Face Added to Humankind's Family Tree. On the western shore of Kenya's Lake Turkana, a team headed by Meave Leakey and supported by the National Geographic Society has<br</font><br><br>
O4 - HKCU\..\Run: [Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br>] c:\WINNT\System32\Copyright NewMalaysia.com (An ASIACO partner), All Rights Reserved. Legal & PrivacyNotices This site is powered byMicroasia Servers. Asia Internet solution provider.</font><br><br>
O4 - HKCU\..\Run: [/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'>] c:\WINNT\System32\/a></font><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br>
O4 - HKCU\..\Run: [The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br>] c:\WINNT\System32\The latest breaking news across Australia and the world, drawing on the resources of News Limited's 100 newspapers, 3000 journalists and a dedicated online team. Updated seven days a week, as news breaks.</font><br><br>
O4 - HKCU\..\Run: [News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br>] c:\WINNT\System32\News about ART for The Design, Publishing, and Computing Community!Good stuff for anyone who uses a computer!</font><br><br>
O4 - HKCU\..\Run: [Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br>] c:\WINNT\System32\Twelve breast cancer patients strip off for a calendar to show that women do beat the condition.</font><br><br>
O4 - HKCU\..\Run: [IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br>] c:\WINNT\System32\IT News, Financial Research Center/Centre and Search Engines, Stocks and Shares</font><br><br>
O4 - HKCU\..\Run: [Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br>] c:\WINNT\System32\Salzgitter-News informiert die Region ber Notdienste, Veranstaltungen, Kino und vieles mehr ! Ausserdem kostenlose Handylogos, Digi-Cards, Bilder der Stadt......</font><br><br>
O4 - HKCU\..\Run: [</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br>] c:\WINNT\System32\</td><td valign='top' width='15%' background='/images/pbgd.gif'><font face='Verdana, Arial, Helvetica, sans-serif' size='1' color='#999999'><b>Related Categories</b><br><br>
O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINNT\System32\top.location.replace(strTemp);
O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINNT\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=shopping father's day&chnl=1&t=r&pb=1265">shopping father's day</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1265"></script>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></cen] c:\WINNT\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=style fashion jewelry diamond rings&chnl=1&t=r&pb=1313">style fashion jewelry diamond rings</a></font></center>
O4 - HKCU\..\Run: [ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></scr] c:\WINNT\System32\ <script id="kmpScript" src="http://ads.kmpads.com/pcode.js?po=2037338015&cat=1313"></script>
O4 - HKCU\..\Run: [bo] c:\WINNT\System32\body {
O4 - HKCU\..\Run: [#head] c:\WINNT\System32\#header {
O4 - HKCU\..\Run: [#ma] c:\WINNT\System32\#main {
O4 - HKCU\..\Run: [#htit] c:\WINNT\System32\#htitle {
O4 - HKCU\..\Run: [#htitle ] c:\WINNT\System32\#htitle h1 {
O4 - HKCU\..\Run: [#htitle] c:\WINNT\System32\#htitle p {
O4 - HKCU\..\Run: [ margin-top: ] c:\WINNT\System32\ margin-top: 6px;
O4 - HKCU\..\Run: [ height: 2] c:\WINNT\System32\ height: 22px;
O4 - HKCU\..\Run: [ width: 78] c:\WINNT\System32\ width: 786px;
O4 - HKCU\..\Run: [ background: #1c5] c:\WINNT\System32\ background: #1c509d;
O4 - HKCU\..\Run: [#poptop ta] c:\WINNT\System32\#poptop table{
O4 - HKCU\..\Run: [#poptop ] c:\WINNT\System32\#poptop td {
O4 - HKCU\..\Run: [ text-align: cen] c:\WINNT\System32\ text-align: center;
O4 - HKCU\..\Run: [ font-size: 1] c:\WINNT\System32\ font-size: 10px;
O4 - HKCU\..\Run: [#poptop] c:\WINNT\System32\#poptop a {
O4 - HKCU\..\Run: [ color: #] c:\WINNT\System32\ color: #fff;
O4 - HKCU\..\Run: [ font-weight: b] c:\WINNT\System32\ font-weight: bold;
O4 - HKCU\..\Run: [ text-decoration: n] c:\WINNT\System32\ text-decoration: none;
O4 - HKCU\..\Run: [#poptop a:hov] c:\WINNT\System32\#poptop a:hover {
O4 - HKCU\..\Run: [ text-decoration: underl] c:\WINNT\System32\ text-decoration: underline;
O4 - HKCU\..\Run: [.poplinks, .rellin] c:\WINNT\System32\.poplinks, .rellinks {
O4 - HKCU\..\Run: [ position: absol] c:\WINNT\System32\ position: absolute;
O4 - HKCU\..\Run: [ left: ] c:\WINNT\System32\ left: 4px;
O4 - HKCU\..\Run: [ border-left: 1px solid #1c5] c:\WINNT\System32\ border-left: 1px solid #1c509d;
O4 - HKCU\..\Run: [ border-right: 1px solid #1c5] c:\WINNT\System32\ border-right: 1px solid #1c509d;
O4 - HKCU\..\Run: [.poplinks h2, .rellinks ] c:\WINNT\System32\.poplinks h2, .rellinks h2 {
O4 - HKCU\..\Run: [ display: bl] c:\WINNT\System32\ display: block;
O4 - HKCU\..\Run: [ line-height: 2] c:\WINNT\System32\ line-height: 20px;
O4 - HKCU\..\Run: [.poplinks ul, .rellinks ] c:\WINNT\System32\.poplinks ul, .rellinks ul {
O4 - HKCU\..\Run: [ list-style-type: n] c:\WINNT\System32\ list-style-type: none;
O4 - HKCU\..\Run: [.poplinks a, .rellinks] c:\WINNT\System32\.poplinks a, .rellinks a {
O4 - HKCU\..\Run: [ border-bottom: 1px solid #1c5] c:\WINNT\System32\ border-bottom: 1px solid #1c509d;
O4 - HKCU\..\Run: [ padding-left: ] c:\WINNT\System32\ padding-left: 6px;
O4 - HKCU\..\Run: [ background: #] c:\WINNT\System32\ background: #fff;
O4 - HKCU\..\Run: [ color: #000] c:\WINNT\System32\ color: #000000;
O4 - HKCU\..\Run: [ text-decoration:n] c:\WINNT\System32\ text-decoration:none;
O4 - HKCU\..\Run: [ font-weight:b] c:\WINNT\System32\ font-weight:bold;
O4 - HKCU\..\Run: [#hlin] c:\WINNT\System32\#hlinks {
O4 - HKCU\..\Run: [ right: ] c:\WINNT\System32\ right: 9px;
O4 - HKCU\..\Run: [ top: ] c:\WINNT\System32\ top: 0px;
O4 - HKCU\..\Run: [ text-align: ri] c:\WINNT\System32\ text-align: right;
O4 - HKCU\..\Run: [ color: #808] c:\WINNT\System32\ color: #808080;
O4 - HKCU\..\Run: [#hlinks #da] c:\WINNT\System32\#hlinks #date {
O4 - HKCU\..\Run: [#hlinks #lin] c:\WINNT\System32\#hlinks #links {
O4 - HKCU\..\Run: [ line-height: 3] c:\WINNT\System32\ line-height: 30px;
O4 - HKCU\..\Run: [.sevil] c:\WINNT\System32\.seville {
O4 - HKCU\..\Run: [ margin-left: 18] c:\WINNT\System32\ margin-left: 180px;
O4 - HKCU\..\Run: [ border: 1px solid #1c5] c:\WINNT\System32\ border: 1px solid #1c509d;
O4 - HKCU\..\Run: [ width: 58] c:\WINNT\System32\ width: 586px;
O4 - HKCU\..\Run: [ padding: ] c:\WINNT\System32\ padding: 6px;
O4 - HKCU\..\Run: [.seville h2,] c:\WINNT\System32\.seville h2,h3 {
O4 - HKCU\..\Run: [.seville ] c:\WINNT\System32\.seville ul {
O4 - HKCU\..\Run: [ font-weight: nor] c:\WINNT\System32\ font-weight: normal;
O4 - HKCU\..\Run: [.seville tab] c:\WINNT\System32\.seville table {
O4 - HKCU\..\Run: [.seville table ] c:\WINNT\System32\.seville table td {
O4 - HKCU\..\Run: [ width: 19] c:\WINNT\System32\ width: 195px;
O4 - HKCU\..\Run: [ margin-left: 1] c:\WINNT\System32\ margin-left: 10px;
O4 - HKCU\..\Run: [ padding-bottom: 1] c:\WINNT\System32\ padding-bottom: 10px;
O4 - HKCU\..\Run: [h2.pophe] c:\WINNT\System32\h2.pophead {
O4 - HKCU\..\Run: [ color: gr] c:\WINNT\System32\ color: green;
O4 - HKCU\..\Run: [.popular] c:\WINNT\System32\.popular a {
O4 - HKCU\..\Run: [.popul] c:\WINNT\System32\.popular {
O4 - HKCU\..\Run: [ margin-bottom: 2] c:\WINNT\System32\ margin-bottom: 20px;
O4 - HKCU\..\Run: [#sear] c:\WINNT\System32\#search {
O4 - HKCU\..\Run: [ clear: b] c:\WINNT\System32\ clear: both;
O4 - HKCU\..\Run: [ margin-left: 20] c:\WINNT\System32\ margin-left: 200px;
O4 - HKCU\..\Run: [#search lab] c:\WINNT\System32\#search label {
O4 - HKCU\..\Run: [#search input.te] c:\WINNT\System32\#search input.text {
O4 - HKCU\..\Run: [ width: 22] c:\WINNT\System32\ width: 220px;
O4 - HKCU\..\Run: [#popb] c:\WINNT\System32\#popbot {
O4 - HKCU\..\Run: [#popbot] c:\WINNT\System32\#popbot a {
O4 - HKCU\..\Run: [#popbot a:hov] c:\WINNT\System32\#popbot a:hover {
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/fr_fr/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0D1A72-6FE9-408E-AD30-268EFCC71650}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)
I didn't check everything, Regis, out of fear. Thanks.
0
jean38 Posts 2534 Registration date   Status Contributor Last activity   47

If you don't check what Regis told you to, there's no point coming to the forum; your procedure accomplished nothing. Follow his instructions, and don't make him work several times over to tell you the same thing.

See you

Jean
0
BmV Posts 98705 Registration date   Status Moderator Last activity   4 895

MIKE:

For the 326th time: STAY IN THE SAME POST by using the blue [Continue the discussion] button each time.

NOBODY can follow you or help you if you do just anything both on your PC and in the forum!
A minimum of rigor is essential!
0
mike
 
Sorry
0
Utilisateur anonyme
 
No problem, where do things stand with your issues...

See you
0
mike
 
Hello Regis, and thanks for your understanding. I've posted my new report for you, but indeed I didn't check everything you gave me, out of fear; my PC was starting to act up a bit. Please take a look at it and tell me what I can delete without risk.
0
Utilisateur anonyme
 
Hi mike,
Did you do the procedure I gave you?
Because you could have followed the procedure I gave you, you know

See you
0
mike
 
No, Regis, because I didn't understand certain things. For a start, I still have the blue search web bar; I did everything. So, I didn't understand the following things:

Delete the files by following the path of the infected files if possible, rather than using the "Search" function

If they are present, delete:

C:\Program Files\C2Media

Then go to Start > Run and type cmd
then confirm with OK

in the window that opens, copy and paste this:

del /a C:\WINDOWS\tasks\B027360C903CA678.job

and confirm by pressing Enter

So then I downloaded cleanup40 but I don't know how to use it. At the end, where do I have to click? And is it paid? It doesn't seem to work. Thanks for your patience.
0
aranjuez31 Posts 8069 Status Contributor 354
 
0
Utilisateur anonyme
 
Hi again mike,
since you did it in several goes, I don't know whether it will work, we'll see!

Delete the files by following the path of the infected files if possible, rather than using the "Search" function

If they are present, delete:

C:\Program Files\C2Media

To do that, do this:
click Start, then My Computer, then C, then Program Files, then look for C2MEDIA; once you have it, right-click it and choose Delete!


Then go to Start > Run and type cmd
then confirm with OK

in the window that opens, copy and paste this:

del /a C:\WINDOWS\tasks\B027360C903CA678.job

and confirm by pressing Enter

This is extremely simple: click Start, then Run, and type cmd!
A black window opens; there you copy and paste the line I gave you above and press Enter (the key on your keyboard)


So then I downloaded cleanup40 but I don't know how to use it. At the end, where do I have to click? And is it paid? It doesn't seem to work.
No, it's free. Look at the video I posted for you above, it's explained there. Make sure it is set to standard!!! Then click Clean Up and let it do its thing

If you need anything, don't hesitate to ask again

See you
0
mike
 
Logfile of HijackThis v1.99.1
Scan saved at 08:13:08, on 10/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\poum\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

There you go Regis, my new report. Are there things to delete? I copied what you told me into Run > cmd and typed what you gave me, and it says it is invalid. See you soon and thanks.
0
Anonymous user
 
hi mike

Offline:

Run HijackThis and click [Do a system scan only]
tick the box at the start of the following lines:

O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINNT\System32\ if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINNT\System32\function PUW_Show()
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [ this.url = ] c:\WINNT\System32\ this.url = url;
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINNT\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINNT\System32\ this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINNT\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINNT\System32\ this.scrollbars= false;
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINNT\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINNT\System32\ this.statusbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINNT\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINNT\System32\ this.locationbar = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINNT\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINNT\System32\ this.ontop = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINNT\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINNT\System32\ this.Show = PUW_Show;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINNT\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINNT\System32\function PUWStart()
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINNT\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINNT\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINNT\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINNT\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINNT\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINNT\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINNT\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINNT\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [ return shouldS] c:\WINNT\System32\ return shouldShow;
O4 - HKCU\..\Run: [<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffff] c:\WINNT\System32\<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINNT\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [<script language="javascript" type="text/javascri] c:\WINNT\System32\<script language="javascript" type="text/javascript">
O4 - HKCU\..\Run: [var d=docum] c:\WINNT\System32\var d=document;
O4 - HKCU\..\Run: [var NN4=d.layers?] c:\WINNT\System32\var NN4=d.layers?1:0;
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe>');
O4 - HKCU\..\Run: [} el] c:\WINNT\System32\} else {
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [function redirec] c:\WINNT\System32\function redirect(){
O4 - HKCU\..\Run: [var strT] c:\WINNT\System32\var strTemp;
O4 - HKCU\..\Run: [var strP] c:\WINNT\System32\var strPort;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINNT\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [<FRAMESET ROW] c:\WINNT\System32\<FRAMESET ROWS=*>
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">

confirm by clicking the [Fix checked] button

Then go to Start > Run and type cmd
then confirm with OK

in the window that opens, copy and paste this:

del /a C:\WINNT\tasks\B027360C903CA678.job

and confirm with Enter

Restart your PC normally, then run an AV scan here:
http://webscanner.kaspersky.fr/
At the end of the scan, click the link that gives you access to the scan report and copy/paste the report here, plus a new HijackThis report

See you
0
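The check applied by eye to the O4 lines in the post above, written out as detection logic. This is an added example, not part of the original thread and not HijackThis code: it flags Run-key entries whose data is not a plausible program path. The function names, the extension list and the illegal-character test are assumptions; the sample lines are copied from the log posted on this page.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINNT\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.c] c:\WINNT\System32\<FRAME SRC="http://www.icritias.biz/search.asp?d=tool4ame.com">
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
'''

# Assumed list of extensions a Run entry may legitimately launch directly.
EXEC_EXTS = ('.exe', '.com', '.bat', '.cmd', '.scr', '.pif')
EXEC_EXT_RE = re.compile(r'\.(?:exe|com|bat|cmd|scr|pif)\b', re.IGNORECASE)

# "O4 - HKLM\..\Run: [name] command" (registry Run-key entries only).
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*)$')

# Value names in this log contain "]" themselves, so the name is taken to end
# at the first "] " that is followed by a drive-letter path (optionally quoted).
NAME_END_RE = re.compile(r'\]\s+(?="?[A-Za-z]:\\)')

# Characters that cannot appear in a Windows file name.
ILLEGAL_RE = re.compile(r'[<>"|?*]')


def parse_o4(line):
    """Split one O4 Run-key line into hive, key, value name and command."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # not a Run-key entry (e.g. "O4 - Global Startup")
    hive, key, rest = m.groups()
    split = NAME_END_RE.search(rest)
    if split:
        name, command = rest[:split.start()], rest[split.end():]
    else:
        # Bare commands such as "loadqm.exe": fall back to the first "] ".
        name, sep, command = rest.partition('] ')
        if not sep:
            return None
    return {'hive': hive, 'key': key, 'name': name, 'command': command}


def program_path(command):
    """Return the program part of a Run command line, or None if there is none."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else None
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = EXEC_EXT_RE.search(command)
    return command[:m.end()] if m else None


def suspicion(entry):
    """Return a reason string if the entry cannot be a real program, else None."""
    path = program_path(entry['command'])
    if path is None:
        return 'no executable target'
    # A colon is only legal as the drive separator at index 1.
    if ILLEGAL_RE.search(path) or ':' in path[2:]:
        return 'illegal characters in path'
    if not path.lower().endswith(EXEC_EXTS):
        return 'target is not an executable'
    return None


def flag_entries(log_text):
    """Return (hive, value name, reason) for every suspicious O4 Run entry."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reason = suspicion(entry)
        if reason:
            flagged.append((entry['hive'], entry['name'], reason))
    return flagged


if __name__ == '__main__':
    for hive, name, reason in flag_entries(SAMPLE_LOG):
        print(f'{hive}\\..\\Run [{name}] -> {reason}')
```

Flagged entries are candidates for review before ticking them in HijackThis; the script only reads the log text and changes nothing on the machine.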
mike
 
KASPERSKY ON-LINE SCANNER - RAPPORT
lundi 10 octobre 2005 21:53:42
Système d'exploitation : Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Version de Kaspersky On-line Scanner: 5.0.78.0
Dernière mise à jour de la base antivirus Kaspersky : 12/11/2005
Enregistrements dans la base antivirus Kaspersky : 149764

Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie. vrai

Cible de l'analyse Poste de travail
A:\
C:\
E:\

Statistiques de l'analyse
Total d'objets analysés : 21312
Nombre de virus trouvés 3
Nombre d'objets infectés 3
Nombre d'objets suspects 0
Durée de l'analyse 03:33:09

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\poum\Application Data\dent funk user\Enc Grey Dog.exe Infecté: Trojan-Downloader.Win32.Swizzor.cb ignoré

C:\Documents and Settings\poum\Application Data\dent funk user\third send about locks.exe Infecté: Trojan-Downloader.Win32.Swizzor.dv ignoré

C:\WINNT\system32\installer_im.dll Infecté: Trojan-Dropper.Win32.Delf.av ignoré

Analyse terminée.

Scan saved at 21:59:33, on 10/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\poum\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

There you go Regis, the two reports. As for what you noted above: I type cmd, I enter what you told me, and it is invalid. I have "document settig pou"; when I copy and paste, it tells me it is not valid. I also have a small problem: after all these steps, the start page of my Avast antivirus, which was blue, has turned white. Is that normal? Is it still active? Thanks.
0
Anonymous user
 
re,
in safe mode,
run HijackThis again and fix this

O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();

O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>

O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();

O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');

O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');

O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>

Restart in normal mode and post a new log so we can see.

See you
0
mike
 
Scan saved at 08:05:30, on 11/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\poum\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINNT\System32\ gSafeOnload[0] = window.onload;
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINNT\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/10cd32704f4091d53e21/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB095F2F-3EB3-49AB-8FDB-F9F071D2C32B}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ScriptBlocking Service (SBService) - C-Media Inc - (no file)

There you go, Regis.
0
Anonymous user
 
Hi again,
Is it a pirated version?

Download this:
http://www.silentrunners.org/Silent%20Runners.vbs
Run it and wait a few minutes; it will then create a folder in text format right next to Silent Runners. Copy and paste what it gives you.

See you
0
mike
 
Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
" gSafeOnload[gSafeOnload.length] " = "c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;" [file not found]
" gSafeOnload[0] = window.onl" = "c:\WINNT\System32\ gSafeOnload[0] = window.onload;" [file not found]
" gSafeOnload[i" = "c:\WINNT\System32\ gSafeOnload[i]();" [file not found]
"WebCamRT.exe" = (empty string)
"document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe" = "c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');" [file not found]
"document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer" = "c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');" [file not found]
"<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr" = "c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LoadQM" = "loadqm.exe" [MS]
"LVCOMS" = "C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"Synchronization Manager" = "mobsync.exe /logon" [MS]
" gSafeOnload[gSafeOnload.length] " = "c:\WINNT\System32\ gSafeOnload[gSafeOnload.length] = f;" [file not found]
" gSafeOnload[0] = window.onl" = "c:\WINNT\System32\ gSafeOnload[0] = window.onload;" [file not found]
" gSafeOnload[i" = "c:\WINNT\System32\ gSafeOnload[i]();" [file not found]
"MessagerStarter Wanadoo" = "C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo" [file not found]
"document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe" = "c:\WINNT\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');" [file not found]
"document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer" = "c:\WINNT\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');" [file not found]
"<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr" = "c:\WINNT\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>" [file not found]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{5945c046-1e7d-11d1-bc44-00c04fd912be}\(Default) = "MSN Messenger 4.5"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.Remove.PerUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
There you go, Regis. It already works much better, thanks.
0