hi I can't remove SurfSideKick.
it is my log file

Logfile of HijackThis v1.99.1
Scan saved at 21:20:58, on 08/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Spleak\SpleakLoader.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\program files\fichiers communs\aol\1132394664\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0d\waol.exe
C:\Program Files\AOL 9.0d\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Scorpio.NION\Bureau\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.bannerconnect.net/rw?iframe3?AAAAAHFPAACnXwAAYz4AAAAAAAAAAP8AAP...wECAARbcwAASjwAAAiLAABNZgAAAAAAAAAAAAAAAAAAAAAAAEjhehSuR.E.SOF6FK5H8T.NzMzMzMz8P83MzMzMzPw.AAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAO1zpaj0ipwDfL5yoOcpHGkaAeZ1OKmE8u9bYzwAAAAA=, (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O1 - Hosts: 193.239.120.210 l2authd.lineage2.com
O1 - Hosts: .com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Web boob style skip] C:\Documents and Settings\All Users\Application Data\liesmealwebboob\Ace Tool.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SpleakPlugin] "C:\Program Files\Spleak\SpleakLoader.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133969536984
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.fr/fr/engine/aolcinst_fr_fr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBEF9F80-9DB9-4113-A994-27C993B970A9}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169581.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\enr8l19u1.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\p66s0gj7e6o.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for help

Welcome aboard.. :)

Please download Look2Me-Destroyer (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

hi here my look2me-destroyer.txt.

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 09/05/2006 16:24:24

Infected! C:\WINDOWS\system32\enjsl1171.dll
Infected! C:\WINDOWS\system32\p66s0gj7e6o.dll
Infected! C:\WINDOWS\system32\api2dvaa.dll
Infected! C:\WINDOWS\system32\byowselc.dll
Infected! C:\WINDOWS\system32\c200lcdm1f0a.dll
Infected! C:\WINDOWS\system32\dsnaddr.dll
Infected! C:\WINDOWS\system32\dzmodemx.dll
Infected! C:\WINDOWS\system32\enjsl1171.dll
Infected! C:\WINDOWS\system32\g4220efoeh2c0.dll
Infected! C:\WINDOWS\system32\i6jq0g15e6.dll
Infected! C:\WINDOWS\system32\irj8l51u1.dll
Infected! C:\WINDOWS\system32\k6js0g17e6.dll
Infected! C:\WINDOWS\system32\ksdir.dll
Infected! C:\WINDOWS\system32\ktl2l73o1.dll
Infected! C:\WINDOWS\system32\l8j8li1u18.dll
Infected! C:\WINDOWS\system32\lvjs0917e.dll
Infected! C:\WINDOWS\system32\lvp0097me.dll
Infected! C:\WINDOWS\system32\m246lchs1f46.dll
Infected! C:\WINDOWS\system32\m4nq0e55eh.dll
Infected! C:\WINDOWS\system32\m646lghs1646.dll
Infected! C:\WINDOWS\system32\mbdtclog.dll
Infected! C:\WINDOWS\system32\mhwdat10.dll
Infected! C:\WINDOWS\system32\mkvidctl.dll
Infected! C:\WINDOWS\system32\mnctfp.dll
Infected! C:\WINDOWS\system32\mv66l9js1.dll
Infected! C:\WINDOWS\system32\p46slej71ho.dll
Infected! C:\WINDOWS\system32\p8n80i5ue8.dll
Infected! C:\WINDOWS\system32\pSpnetsh.dll
Infected! C:\WINDOWS\system32\QYUI2.dll
Infected! C:\WINDOWS\system32\r86ulij918o.dll
Infected! C:\WINDOWS\system32\sahcinst.dll
Infected! C:\WINDOWS\system32\shnscfg.dll
Infected! C:\WINDOWS\system32\stssetup.dll
Infected! C:\WINDOWS\system32\vsdex.dll
Infected! C:\WINDOWS\system32\wnauserv.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\enjsl1171.dll
C:\WINDOWS\system32\enjsl1171.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\api2dvaa.dll
C:\WINDOWS\system32\api2dvaa.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\byowselc.dll
C:\WINDOWS\system32\byowselc.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\c200lcdm1f0a.dll
C:\WINDOWS\system32\c200lcdm1f0a.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dsnaddr.dll
C:\WINDOWS\system32\dsnaddr.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dzmodemx.dll
C:\WINDOWS\system32\dzmodemx.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\enjsl1171.dll
C:\WINDOWS\system32\enjsl1171.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\g4220efoeh2c0.dll
C:\WINDOWS\system32\g4220efoeh2c0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i6jq0g15e6.dll
C:\WINDOWS\system32\i6jq0g15e6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irj8l51u1.dll
C:\WINDOWS\system32\irj8l51u1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k6js0g17e6.dll
C:\WINDOWS\system32\k6js0g17e6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ksdir.dll
C:\WINDOWS\system32\ksdir.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ktl2l73o1.dll
C:\WINDOWS\system32\ktl2l73o1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l8j8li1u18.dll
C:\WINDOWS\system32\l8j8li1u18.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lvjs0917e.dll
C:\WINDOWS\system32\lvjs0917e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lvp0097me.dll
C:\WINDOWS\system32\lvp0097me.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m246lchs1f46.dll
C:\WINDOWS\system32\m246lchs1f46.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m4nq0e55eh.dll
C:\WINDOWS\system32\m4nq0e55eh.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m646lghs1646.dll
C:\WINDOWS\system32\m646lghs1646.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mbdtclog.dll
C:\WINDOWS\system32\mbdtclog.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mhwdat10.dll
C:\WINDOWS\system32\mhwdat10.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mkvidctl.dll
C:\WINDOWS\system32\mkvidctl.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mnctfp.dll
C:\WINDOWS\system32\mnctfp.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mv66l9js1.dll
C:\WINDOWS\system32\mv66l9js1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p46slej71ho.dll
C:\WINDOWS\system32\p46slej71ho.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p8n80i5ue8.dll
C:\WINDOWS\system32\p8n80i5ue8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\pSpnetsh.dll
C:\WINDOWS\system32\pSpnetsh.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\QYUI2.dll
C:\WINDOWS\system32\QYUI2.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\r86ulij918o.dll
C:\WINDOWS\system32\r86ulij918o.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\sahcinst.dll
C:\WINDOWS\system32\sahcinst.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\shnscfg.dll
C:\WINDOWS\system32\shnscfg.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\stssetup.dll
C:\WINDOWS\system32\stssetup.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\vsdex.dll
C:\WINDOWS\system32\vsdex.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wnauserv.dll
C:\WINDOWS\system32\wnauserv.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7BC78791-2E1D-4F90-8EAD-B868764CF891}"
HKCR\Clsid\{7BC78791-2E1D-4F90-8EAD-B868764CF891}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{55094D3D-528F-4425-AA2A-C55D9F74FDC9}"
HKCR\Clsid\{55094D3D-528F-4425-AA2A-C55D9F74FDC9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EAE32E94-212F-4347-B135-8349CA334B62}"
HKCR\Clsid\{EAE32E94-212F-4347-B135-8349CA334B62}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{64D0C2B0-D202-4EDA-A2AE-CAA7D7FF7194}"
HKCR\Clsid\{64D0C2B0-D202-4EDA-A2AE-CAA7D7FF7194}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6117EE77-D29C-47DC-914B-39B172823796}"
HKCR\Clsid\{6117EE77-D29C-47DC-914B-39B172823796}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2C705986-FEE9-4758-ADFA-C159B97B6233}"
HKCR\Clsid\{2C705986-FEE9-4758-ADFA-C159B97B6233}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C0982879-CDF1-4406-8505-78EAF1CB1BA2}"
HKCR\Clsid\{C0982879-CDF1-4406-8505-78EAF1CB1BA2}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{506A7CCA-4295-418E-BCAC-B51050950E77}"
HKCR\Clsid\{506A7CCA-4295-418E-BCAC-B51050950E77}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0EA004B9-F1AA-432D-89D8-4FA3D5029259}"
HKCR\Clsid\{0EA004B9-F1AA-432D-89D8-4FA3D5029259}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrateurs - Succeeded

thanks for help

and my log hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 16:48:34, on 09/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Spleak\SpleakLoader.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\program files\fichiers communs\aol\1132394664\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0d\waol.exe
C:\Program Files\AOL 9.0d\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\Scorpio.NION\Bureau\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.bannerconnect.net/rw?iframe3?AAAAAHFPAACnXwAAYz4AAAAAAAAAAP8AAP...wECAARbcwAASjwAAAiLAABNZgAAAAAAAAAAAAAAAAAAAAAAAEjhehSuR.E.SOF6FK5H8T.NzMzMzMz8P83MzMzMzPw.AAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAO1zpaj0ipwDfL5yoOcpHGkaAeZ1OKmE8u9bYzwAAAAA=, (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Web boob style skip] C:\Documents and Settings\All Users\Application Data\liesmealwebboob\Ace Tool.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SpleakPlugin] "C:\Program Files\Spleak\SpleakLoader.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133969536984
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.fr/fr/engine/aolcinst_fr_fr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBEF9F80-9DB9-4113-A994-27C993B970A9}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169581.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Lets continue.. Go ahead and delete Look2Me-Destroyer. :)

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download MWav (http://www.spywareinfo.dk/download/mwav.exe):

Unzip it to its predetermined directory (C:\Kaspersky)
Locate kavupd.exe in the new folder and double-click to Update.
If your firewall gives any messages about this program accessing to internet, allow it.
If it says the signatures are more than 30 days old, keep trying, until you get the actual definition updates.
When you see Updates Downloaded Successfully, hit Enter to continue.
Restart onto Safe Mode (http://www.pchell.com/support/safemode.shtml) and locate the Kaspersky folder.
Locate mwavscan.com and double-click on it to launch the MWAV Scanner.Now lets do the settings:
Leave the Default Settings checked.
Add a check to Drives
This will light up All Drives
Add a check to Scan all Files
Click Scan Clean to begin.
This scan might take around 3+ hours to finish when set to scan everything.
Please be sure it has finished before proceeding.
Once the Scan has finished, all entries identified as Infected, will be displayed in the lower panel.
Highlight everything that is inside the lower panel and hit Ctrl+C at the same time to copy.
Open an empty notepad file and paste the results (Ctrl+V) to it. Save the notepad to your desktop, name it as you want (e.g; MWav Results).Reboot into normal Windows and post the results here along with a fresh HijackThis log. :bigthumb:

how one makes to start restart in safe mode ? sry I don't know ...:D

sorry its ok I'm not see the link for restart on safe mode

its ok my lower panel and my hijackthis log file.

File C:\WINDOWS\system32\KHDAL.DLL tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\VF6STKIT.DLL tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060507005842.zip tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\Documents and Settings\rose\Application Data\Mozilla\Firefox\Profiles\83w32xlz.default\Cache\CAA46AB4d01 tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\Documents and Settings\rose\Local Settings\Temp\67.tmp infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\rose\Local Settings\Temp\B6.tmp infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\rose\Local Settings\Temp\BB.tmp infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\rose\Local Settings\Temp\C0.tmp infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\rose\Local Settings\Temp\C6.tmp infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\rose\Local Settings\Temp\D0.tmp infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\rose\Local Settings\Temp\D7.tmp infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\rose\Local Settings\Temp\DC.tmp infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\rose\Local Settings\Temp\E6.tmp infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Scorpio.NION\Bureau\Bureau\mirc\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File C:\Documents and Settings\Scorpio.NION\Local Settings\Application Data\Mozilla\Firefox\Profiles\xuqtfyli.default\Cache\7A0BC346d01 infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\ScorpioX\Local Settings\Temp\i828.tmp tagged as not-a-virus:AdWare.Win32.SurfSide.j. No Action Taken.
File C:\Documents and Settings\ScorpioX\Local Settings\Temp\temp.fr0E63 tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\Documents and Settings\Unknown\Local Settings\Application Data\Mozilla\Firefox\Profiles\mt8wceau.default\Cache\7A0BC346d01 infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Unknown\Local Settings\Temp\i50C.tmp tagged as not-a-virus:AdWare.Win32.SurfSide.j. No Action Taken.
File C:\Program Files\BitTorrent\uninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File C:\WINDOWS\system32\KHDAL.DLL tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\VF6STKIT.DLL tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.



Logfile of HijackThis v1.99.1
Scan saved at 09:00:11, on 11/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Spleak\SpleakLoader.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\program files\fichiers communs\aol\1132394664\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0d\waol.exe
C:\Program Files\AOL 9.0d\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Scorpio.NION\Bureau\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.bannerconnect.net/rw?iframe3?AAAAAHFPAACnXwAAYz4AAAAAAAAAAP8AAP...wECAARbcwAASjwAAAiLAABNZgAAAAAAAAAAAAAAAAAAAAAAAEjhehSuR.E.SOF6FK5H8T.NzMzMzMz8P83MzMzMzPw.AAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAO1zpaj0ipwDfL5yoOcpHGkaAeZ1OKmE8u9bYzwAAAAA=, (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SpleakPlugin] "C:\Program Files\Spleak\SpleakLoader.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [waol.exe] C:\Program Files\AOL 9.0\waol.exe
O4 - HKLM\..\Run: [REV] c:\program files\valve\steam\steamapps\scorpiosvg@aol.com\counter-strike\Revolution_Script.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133969536984
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.fr/fr/engine/aolcinst_fr_fr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBEF9F80-9DB9-4113-A994-27C993B970A9}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169581.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

thnks for help

Ok.. Lets continue :)

Go ahead and remove MWav.

==

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeservice.bat. to your desktop.


@echo off
sc stop NTBOOTMGR
sc stop NTLOAD
sc stop NTSVCMGR
sc delete NTBOOT
sc delete NTLOAD
sc delete NTSVCMGR

Double-click on Removeservice.bat. A window will pop up and close. This is normal.

==

Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right-click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk ( C: ) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE (http://downloads.subratam.org/Lon/sidekickFix.bat) and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix by LonnyRJones.
Save it in the same folder you made earlier (c:\BFU).

Please close ALL other open windows & explorer folder's, then double-click on sidekickFix.bat.
Click YES and follow the prompts, when prompted to restart the PC please do so.

==

Finally:

Please download the Killbox by Option^Explicit (http://www.downloads.subratam.org/KillBox.zip).

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: Delete on Reboot then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\KHDAL.DLL
C:\WINDOWS\system32\VF6STKIT.DLL
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe


Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try Killbox again.

==

Post back with a fresh HijackThis log :bigthumb:

its ok look me hijackthis log file ^^


Logfile of HijackThis v1.99.1
Scan saved at 21:13:14, on 11/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\LVCOMSX.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\program files\fichiers communs\aol\1132394664\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0d\waol.exe
C:\Program Files\AOL 9.0d\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\Scorpio.NION\Bureau\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.bannerconnect.net/rw?iframe3?AAAAAHFPAACnXwAAYz4AAAAAAAAAAP8AAP...wECAARbcwAASjwAAAiLAABNZgAAAAAAAAAAAAAAAAAAAAAAAEjhehSuR.E.SOF6FK5H8T.NzMzMzMz8P83MzMzMzPw.AAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAO1zpaj0ipwDfL5yoOcpHGkaAeZ1OKmE8u9bYzwAAAAA=, (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133969536984
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.fr/fr/engine/aolcinst_fr_fr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBEF9F80-9DB9-4113-A994-27C993B970A9}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

aigain thanks for you help

Ok.. Run a scan with HijackThis and check the following objects for removal:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.bannerconnect.net/rw?ifram...E8u9bYzwAAAAA=, (obfuscated)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

Please go HERE (http://www.pandasoftware.com/products/activescan.htm) to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report. :)

^^


Incident Status Location

Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Adware:adware/searchaid Not disinfected c:\windows\system32\sdkny32.exe
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Scorpio.NION\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard161.dat
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/spysheriff Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:Adware/Look2Me Not disinfected C:\!KillBox\KHDAL.DLL
Adware:Adware/Look2Me Not disinfected C:\!KillBox\VF6STKIT.DLL
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.advertising.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[c.goclick.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.2o7.net/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.888.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.offeroptimizer.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[c.enhance.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.com.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Airazor\Application Data\Mozilla\Firefox\Profiles\ie4rdbhf.default\cookies.txt[.target.com/]
Spyware:Cookie/Rn11

Through Add/Remove programs in Control Panel, please uninstall the following entry if present (dont be concerned if it isn't):

MyWay <= Anything that relates to MyWay.

==

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

==

Run Killbox again:
Please double-click Killbox.exe to run it.
Select: Delete on Reboot then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

c:\windows\system32\ot.ico
c:\windows\system32\sdkny32.exe
c:\windows\keyboard161.dat
c:\program files\MyWay


Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try Killbox again.

==

Post this along with a fresh HijackThis log:
Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on the Box that says "Uninstall Manager"
Click on the button "Save list"
Copy and paste the List from the notebook onto your post. :bigthumb:

ok

Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe Photoshop CS
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.7 - Français
Adobe® Photoshop® Album Edition Découverte 3.0
AIDA32 v3.93
Alexander
All To MP3 Converter 1.6
Alligator v1.32
AOL (France)
AOL Auto-diagnostic
AOL Coach Version 1.0(Build:20040229.1 fr)
AOL Uninstaller
Archiveur WinRAR
AxCrypt (Désinstaller uniquement)
Barre d'outils MSN
BitTornado 0.3.15
BitTorrent 4.1.3-Beta
Bugs Bunny et Taz - La Spirale du Temps
Ciel Devis factures
CloneDVD2
Correctif Windows XP - KB867282
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB885250
Correctif Windows XP - KB885295
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB887797
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890047
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB890923
Correctif Windows XP - KB891781
Correctif Windows XP - KB893086
Creative MediaSource
Dawn Of War
Dawn Of War - Winter Assault
Dessinez, C'est Disney
DivX
DivX Player
Doom 3
DVD Shrink 3.2
East-Tec Eraser 2004
Ecran de veille AOL Photos
eDonkey2000
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
Far Cry
FAST Defrag Freeware 2.29 [final]
FdE_pays-v2_800x600 ScreenSaver
FileZilla (remove only)
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FlashGet(JetCar)
Fraps (remove only)
Free Download Manager 2.0
GoldWave v5.06
Half-Life(R) 2
HijackThis 1.99.1
HLSW v1.0.0.47
Htmledit v2.5
Image Converter 2
Ink
IziLock
J2SE Runtime Environment 5.0 Update 6
La Belle et la Bête Atelier de Jeux
Labtec WebCam-Software
Learn2 Player (Uninstall Only)
LeechFTP
Les Sims Abracadabra
Les Sims Superstar
Lineage II
LogAll
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee SecurityCenter
McAfee VirusScan
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Excel 97
Microsoft Publisher 97
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Word 97
mIRC
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Mise à jour de sécurité pour Windows XP (KB883939)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893066)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB896688)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899588)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB905915)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB908531)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912812)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913446)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB896727)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB900930)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB910437)
Module de connectivité AOL
Monstres AJ
Mozilla Firefox (1.5)
MSN Messenger 7.5
MSNServersX
Need For Speed Most Wanted (Black Edition 1.3) Mega Trainer
Need for Speed™ Most Wanted
Nero OEM
NVIDIA Drivers
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Secure Module 4.3.00
Package de base Microsoft de service de chiffrement pour cartes à puce
Panda ActiveScan
PlayOnline Viewer and Tetra Master
PowerDVD
Programme de gestion Camera de Labtec®
Project64 1.6
QuickTime
RealPlayer Basic
Reverse & Upper 1.0
Revolution Script CS
RGSS de RMXP version 1.0.1
RMXP version 1.0.0.1
RollerCoaster Tycoon 2
Shareaza version 2.2.1.0
Skinner v1.2
Skype 1.1
SocksCap V2
SoftCAD.3D
SonicStage 3.3
Sony MP4 Shared Library
Sony Vegas 5.0b
SpeechRedist
SpeedTouch USB Software
Spleak
Spybot - Search & Destroy 1.4
Steam
Steam(TM)
TeamSpeak 2 RC2
TopStyle Lite (Version 3.0)
Total Overdose
TribalWeb.net
ubi.com
Unreal II
Unreal Tournament 2004
VIA Audio Driver Setup Program
VIA Rhine-Family Fast Ethernet Adapter
VideoLAN VLC media player 0.8.4a
Viewpoint Media Player
VoissaNoPubs 2.50
WaveL Pic2Pic
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Service Pack 2
WinFast(R) Display Driver
Xfire (remove only)
XviD MPEG-4 Video Codec
Yahoo! Internet Mail
ZHLT Compile GUI v8

Go ahead and uninstall these unless you need them for something:

Learn2 Player (Uninstall Only)
Panda ActiveScan
Viewpoint Media Player

Make sure your Mozilla Firefox is up-to-date. Open the program, click on the "Help" tab, choose "Look for updates".

==

Delete this folder:

C:\!KillBox

Empty recycle bin.

==

Post back with a fresh HijackThis log and let me know how is the system running now :)

Logfile of HijackThis v1.99.1
Scan saved at 21:09:07, on 14/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\fichiers communs\aol\1132394664\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLServiceHost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\AOL 9.0d\waol.exe
C:\Program Files\AOL 9.0d\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Scorpio.NION\Bureau\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.bannerconnect.net/rw?iframe3?AAAAAHFPAACnXwAAYz4AAAAAAAAAAP8AAP...wECAARbcwAASjwAAAiLAABNZgAAAAAAAAAAAAAAAAAAAAAAAEjhehSuR.E.SOF6FK5H8T.NzMzMzMz8P83MzMzMzPw.AAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAO1zpaj0ipwDfL5yoOcpHGkaAeZ1OKmE8u9bYzwAAAAA=, (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 193.239.120.210 l2authd.lineage2.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1132394664\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133969536984
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.fr/fr/engine/aolcinst_fr_fr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBEF9F80-9DB9-4113-A994-27C993B970A9}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

101 Dalmatiens LAI
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe Photoshop CS
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.7 - Français
Adobe® Photoshop® Album Edition Découverte 3.0
AIDA32 v3.93
Alexander
All To MP3 Converter 1.6
Alligator v1.32
AOL (France)
AOL Auto-diagnostic
AOL Coach Version 1.0(Build:20040229.1 fr)
AOL Uninstaller
Archiveur WinRAR
AxCrypt (Désinstaller uniquement)
Barre d'outils MSN
BitTornado 0.3.15
BitTorrent 4.1.3-Beta
Bugs Bunny et Taz - La Spirale du Temps
Ciel Devis factures
CloneDVD2
Correctif Windows XP - KB867282
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB885250
Correctif Windows XP - KB885295
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB887797
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890047
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB890923
Correctif Windows XP - KB891781
Correctif Windows XP - KB893086
Creative MediaSource
Dawn Of War
Dawn Of War - Winter Assault
Dessinez, C'est Disney
DivX
DivX Player
Doom 3
DVD Shrink 3.2
East-Tec Eraser 2004
Ecran de veille AOL Photos
eDonkey2000
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
Far Cry
FAST Defrag Freeware 2.29 [final]
FdE_pays-v2_800x600 ScreenSaver
FileZilla (remove only)
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FlashGet(JetCar)
Fraps (remove only)
Free Download Manager 2.0
GoldWave v5.06
GUILD WARS
Half-Life(R) 2
HijackThis 1.99.1
HLSW v1.0.0.47
Htmledit v2.5
Image Converter 2
Ink
IziLock
J2SE Runtime Environment 5.0 Update 6
La Belle et la Bête Atelier de Jeux
Labtec WebCam-Software
LeechFTP
Les Sims Abracadabra
Les Sims Superstar
Lineage II
LogAll
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee SecurityCenter
McAfee VirusScan
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Excel 97
Microsoft Publisher 97
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Word 97
mIRC
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Mise à jour de sécurité pour Windows XP (KB883939)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893066)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB896688)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899588)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB905915)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB908531)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912812)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913446)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB896727)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB900930)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB910437)
Module de connectivité AOL
Monstres AJ
Mozilla Firefox (1.5)
MSN Messenger 7.5
MSNServersX
Need For Speed Most Wanted (Black Edition 1.3) Mega Trainer
Need for Speed™ Most Wanted
Nero OEM
NVIDIA Drivers
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Secure Module 4.3.00
Package de base Microsoft de service de chiffrement pour cartes à puce
PlayOnline Viewer and Tetra Master
PowerDVD
Programme de gestion Camera de Labtec®
Project64 1.6
QuickTime
RealPlayer Basic
Reverse & Upper 1.0
Revolution Script CS
RGSS de RMXP version 1.0.1
RMXP version 1.0.0.1
RollerCoaster Tycoon 2
Shareaza version 2.2.1.0
Skinner v1.2
Skype 1.1
SocksCap V2
SoftCAD.3D
SonicStage 3.3
Sony MP4 Shared Library
Sony Vegas 5.0b
SpeechRedist
SpeedTouch USB Software
Spleak
Spybot - Search & Destroy 1.4
Steam
Steam(TM)
TeamSpeak 2 RC2
TopStyle Lite (Version 3.0)
Total Overdose
TribalWeb.net
ubi.com
Unreal II
Unreal Tournament 2004
VIA Audio Driver Setup Program
VIA Rhine-Family Fast Ethernet Adapter
VideoLAN VLC media player 0.8.4a
VoissaNoPubs 2.50
WaveL Pic2Pic
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Service Pack 2
WinFast(R) Display Driver
Xfire (remove only)
XviD MPEG-4 Video Codec
Yahoo! Internet Mail
ZHLT Compile GUI v8

Hi again.. Looks good :)

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Run a scan with HijackThis on Safe Mode and check the following object for removal if present:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.bannerconnect.net/rw?ifram...E8u9bYzwAAAAA=, (obfuscated)

Now close ALL other open windows except for HijackThis and hit FIX CHECKED.

Reboot normally and post back with a fresh HijackThis log.

scorpioscp28
Reboot normally and post back with a fresh HijackThis log.
How is it going?

This topic is closed due to lack of a response to helper.
If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.